I imagine the apps are recording their own screens, not other apps. That's a trickier problem, since if you instead sent every tap you'd effectively have the same thing.

Presumably they can see that you initiated notification centre or slide over but can they see a slide over window or even a split screen app? After all the article says screen recordings...

intrusive analytics services that capture detailed data like taps, swipes, and even screen recordings without customer knowledge
(Bold emphasis is mine)
 
all customers can do is refuse to use the apps and services of companies that are found to be engaging in shady analytics tracking purposes without clear privacy policies.

LMAO @ clear privacy policies. I take every privacy policy as marketing garbage put in place that is ignored when it's convenient.
 
This is partially why I use as few apps as possible. I’ll go on a website on my desktop with proper blockers in place if I need to. My phone is a minimal use device these days.

You can still be recorded if you're on a website. There are many analytics tools that give developers the option to see user actions like keyboard and mouse movements. Using the web portal is not failsafe.
 
This is partially why I use as few apps as possible. I’ll go on a website on my desktop with proper blockers in place if I need to. My phone is a minimal use device these days.

Totally the same here man.

I only have the necessities. Pretty much other than my banking app and the Ring app (ring is no good either lol) I don’t really have any other 3rd party apps.

Ohh forgot about my youtube app that’s it.

My phone is pretty empty these days
unfortunately we are living in the worst days of the internet by far
 
People wanted free apps. Well this is what you get when you use free apps. Massive invasions of privacy for the purpose of mining and monetizing your personal information.

Defines the "No Free Lunch" saying and payment will be extracted. Better to purchase one's lunch.
 
People wanted free apps. Well this is what you get when you use free apps. Massive invasions of privacy for the purpose of mining and monetizing your personal information.
This has nothing to do with these apps being free, as most of them are used specifically to purchase goods and services. It's about UX developers thinking the only way to make their apps better is by monitoring individual usage, and market researchers digging into the info to figure out how to better sell to you.

That said, it's a terrible practice that needs to end.
 
I can understand how an app could record taps and swipes and such - those are simple UI events - but I'm trying to figure out how an app could make a screen recording without any special permission.

iOS does have native screen recording ability now (which finally allows things like a TeamViewer app that can share your iOS screen with a tech) but that requires some specific steps to allow recording.

The only way I could imagine it being done is if the app is fully self-aware and is able to reconstruct what would be on the screen through knowledge of both its own UI and the taps and swipes of the user.

Apple can certainly kick off any app who is advertised as doing this, but how would they kick off any new app that sneaks it in and isn't detected, or even worse, how would they verify that an app has stopped doing these things so it can be allowed back on the store, if the app isn't using any privacy-sensitive APIs to do so?

You can't exactly add a privacy permission for "this app needs to be aware of taps and swipes as well as content you type on the keyboard". Well, duh. Every app will need that.

The bigger issue is how is it possible that app developers are shielded from needing to disclose the data collection? The avenue of attack would have to be to somehow hit at that point. IANAL so I don't know if or how this might be possible, but it seems like the only way.
 
Totally the same here man.

I only have the necessities. Pretty much other than my banking app and the Ring app (ring is no good either lol) I don’t really have any other 3rd party apps.

Ohh forgot about my youtube app that’s it.

My phone is pretty empty these days

A question for anyone...

Can an app on iOS be a security or privacy issue even when they are not being used, are not open (forced closed) and not interacted with in the share menu? Obviously any data or information entered or shared previously is potentially in their hands but can the app continue to be a security or privacy threat beyond this just by being installed on your device? If so, how is this possible when the apps are not running and are supposed to be sandboxed?

Someone suggested to me that some iOS apps can be a security/privacy issue even when sitting unused on your device but I was highly sceptical but at the same time also aware you can never be too sure when it comes to electronic devices & software.

Thanks
 
This should be stopped immediately. This is a big deal. I don't know if Apple can scan the app or block these with permissions or with the SDK. Apple has got to do something. This is bigger than Facebook & Google getting slapped on the wrist using developer certificates.
The glassbox usage covered in the EULA that the users probably haven't read?

That depends on what the EULA exactly specifies, and whether it's at the end of a 5 min scroll. Don't give these companies a free pass on deceiving their customers.
 
I understand the knee-jerk reaction here, but I think most of the responses show a lack of understanding of how apps work. An app developer writes code that constructs every element you see on the screen (within the app's purview). The app's code also needs to know about every interaction someone makes with the app so the app can respond. Theoretically any developer can construct the state of each screen (since they built it themselves) and know which action you took. What this library seems to do is construct that for the developer to make it easier. My guess is it's not actually recording anything, it's just capturing a screenshot of the state of the app each time it changes and highlighting what interaction the user took to get and leave from there. You can then assemble that into a video.

I still think it's creepy, and I think it's really egregious to use an SDK like this without properly obfuscating data, but it's not even close to as bad as say, someone being able to see you when you decline a FaceTime call.
 
My guess is it's not actually recording anything, it's just capturing a screenshot of the state of the app each time it changes and highlighting what interaction the user took to get and leave from there. You can then assemble that into a video.

You might be right but the article does state:

“...intrusive analytics services that capture detailed data like taps, swipes, and even screen recordings without customer knowledge.”
 
Based on the description of GlassBox isn't that SDK breaking the privacy rules too? I'm not sure what the big deal is here. Apps do this stuff all the time to find out what features are being used and make decisions based on that. Overcast creator has made mention about knowing how many people search for podcasts, how many podcasts etc .... his app should be scrutinized too.
 
You might be right but the article does state:

“...intrusive analytics services that capture detailed data like taps, swipes, and even screen recordings without customer knowledge.”

Mikeybsf is right. A video recording would take way too much bandwidth and battery and be difficult to run analytics on. They're effectively recording the screen by recording app state and user input, and reconstructing it later. Same effect, different means. To put it in a different way, it's bitmap vs vector.

Basically, screen recording =/= video recording.
 
This is a load of ********. We all know it. Nowhere does it say we will monitor your ****ing keystrokes and ****.
There is absolutely no evidence that keystrokes were being logged. The accuser says " I wouldn't be shocked if ..." hardly proof that is going on. A lot of loose reporting here.
 
Mikeybsf is right. A video recording would take way too much bandwidth and battery. They're effectively recording the screen by recording app state and user input, and reconstructing it later. Same effect, different means.

Basically, screen recording =/= video recording.

Leaves me wondering why when you enter a password it shows each letter before being obscured by default with no option to turn this feature off.

One would also hope that the keyboard is separate from the app hence any taps on the keyboard could not be tracked by the app.
Obviously any data entered with the keyboard and shared could be seen but if you type something and then get rid of it before it is saved, shared or sent then it should not be possible to track this.
 
Just noticed one of my favorite iOS apps, "Dark Sky" has a privacy option to "Allow Analytics" and goes on to say it allows "Anonymous screen view and event stats". You have the option to disable it, but still. Not cool!
 
Totally the same here man.

I only have the necessities. Pretty much other than my banking app and the Ring app (ring is no good either lol) I don’t really have any other 3rd party apps.

Ohh forgot about my youtube app that’s it.

My phone is pretty empty these days
unfortunately we are living in the worst days of the internet by far
Ah but apparently it's some banking apps that do this. That's my worry. I do not use any but my husband does.
 
You might be right but the article does state:

“...intrusive analytics services that capture detailed data like taps, swipes, and even screen recordings without customer knowledge.”
I think the article is unnecessarily sensationalized to cause alarm, like so many articles about various tech scandals these days. On their website they describe the feature as "session replay". An app does not have access to UI elements outside of its viewport so whether they screenshot 30 times a second or screenshot once every time the state changes and then reconstruct a video based on the time delays between each screen shot is inconsequential. The point is that this is just allowing the developer to reconstruct someone's session in a way that's more visual. They're not recording anything that the developer didn't already construct themselves on the screen.
 
This should be stopped immediately. This is a big deal. I don't know if Apple can scan the app or block these with permissions or with the SDK. Apple has got to do something. This is bigger than Facebook & Google getting slapped on the wrist using developer certificates.

That depends on what the EULA exactly specifies, and whether it's at the end of a 5 min scroll. Don't give these companies a free pass on deceiving their customers.

I wasn't giving them a free pass. It's a legitimate question, not a sarcastic quip.
 
My take on this.

- visual analytics is not new. Facebook and Google also do this, and they can do this on websites. They can track mouse movements, where you hover and for how long, etc.
- the replay feature in Glassbox is a feature available. But the article doesn’t say if the apps actually use that feature. The article only shows apps that use Glassbox. The exception is Air Canada.
- Air Canada is the one that got analyzed and looks like we get a feel how things work. Looks like the screen replay feature does its thing by capturing many screenshots during a user interaction. This gave a slideshow like replay on what the user did. It’s not a full-fledged screen recording, and app dev can employ black boxes to hide sensitive data, but of course the problem is that in this instance, Air Canada did a poor job at it.

From Apple’s perspective, there’s probably not much they can do. Many apps are simply a “window” for a web app, thus this tracker can still be applied regardless of Apple’s restriction in the app API side, unless Apple want to severely restrict apps from running a “web view.” One thing that maybe they can enforce is the user notification of capturing of screenshots, but I don’t know if they can do this without breaking some web capabilities inside an app.

Nonetheless, this has been exposed. Each of those app devs must come clean on what they do or don’t do. Apple also should come out explaining what’s actually going on so there’s no FUD (ie. No actual screen recording as it might sound), and come out with steps to discourage developers from doing this.

And let me iterate, this method of analytics is nothing new, and has been employed on websites for ages. Facebook has a tool for it as well. Any digital marketer would know.
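
Added example, not part of the thread or any poster's code: the post above notes that a session-replay SDK can black out sensitive data and that the masking was done poorly in one app. This is one way an app team could audit a queued replay batch for unmasked sensitive fields before it leaves the device. The event schema (`type`, `field`, `value`, `masked`) and the sample batch are constructed for illustration and are not Glassbox's format.

```python
import json
import re

# Constructed sample batch; the schema is hypothetical, not any vendor's format.
SAMPLE_BATCH = json.dumps([
    {"type": "tap", "x": 120, "y": 388, "target": "payButton"},
    {"type": "input", "field": "cardNumber", "value": "4111 1111 1111 1111", "masked": False},
    {"type": "input", "field": "password", "value": "********", "masked": True},
    {"type": "input", "field": "passportNo", "value": "X1234567", "masked": False},
    {"type": "input", "field": "searchCity", "value": "Toronto", "masked": False},
    {"type": "input", "field": "notes", "value": "call 5105105105105100", "masked": False},
])

# Field names that should never carry a readable value in analytics data.
SENSITIVE_NAME = re.compile(r"pass(word|port)|card|cvv|ssn|secret|token", re.I)
# 13 to 19 digits, optionally separated by spaces or hyphens.
DIGIT_RUN = re.compile(r"(?:\d[ -]?){13,19}")

def luhn_ok(digits: str) -> bool:
    """Luhn checksum, used to tell card numbers from arbitrary digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0

def audit_batch(raw: str) -> list[tuple[str, str]]:
    """Return (field, reason) for every input event that leaks readable data."""
    findings = []
    for ev in json.loads(raw):
        if ev.get("type") != "input":
            continue
        field, value = ev.get("field", ""), str(ev.get("value", ""))
        if value and set(value) <= {"*", "•"}:
            continue  # value was replaced by mask characters; trust nothing else
        has_pan = any(luhn_ok(re.sub(r"\D", "", m.group()))
                      for m in DIGIT_RUN.finditer(value))
        if has_pan:
            findings.append((field, "card-number-like value"))
        elif SENSITIVE_NAME.search(field):
            findings.append((field, "sensitive field not masked"))
    return findings

if __name__ == "__main__":
    for field, reason in audit_batch(SAMPLE_BATCH):
        print(f"{field}: {reason}")
```

The check looks at the value itself rather than the `masked` flag, so a free-text field that happens to contain a card number is flagged even though its name looks harmless.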
 