I understand the knee-jerk reaction here, but I think most of the responses show a lack of understanding of how apps work. An app developer writes code that constructs every element you see on the screen (within the app's purview). The app's code also needs to know about every interaction someone makes with the app so the app can respond. Theoretically any developer can construct the state of each screen (since they built it themselves) and know which action you took. What this library seems to do is construct that for the developer to make it easier. My guess is it's not actually recording anything, it's just capturing a screenshot of the state of the app each time it changes and highlighting what interaction the user took to get and leave from there. You can then assemble that into a video.

I still think it's creepy, and I think it's really egregious to use an SDK like this without properly obfuscating data, but it's not even close to as bad as say, someone being able to see you when you decline a FaceTime call.
Hogwash. I think most people on this site are competent enough to understand that "recording" the app actions (taps, swipes etc) is pretty much a given since the app needs this to work.

Exposing my private data to an arbitrary code monkey (passport numbers etc) DOES NOT pass the reasonable man test.
 
This is neither new nor a problem in itself.
The problem here consists in companies breaking several laws by transmitting and storing credit card and personal information without proper cause and unencrypted.
In the EU, this will result in heavy fining and auditing.
 
These companies just need to be sued to hell so these practices aren’t profitable. It will be the only way to stop this from happening in the future.
You've missed the point; you may not like what they are doing but:

A) They've broken no laws.
B) They haven't even broken app store rules.

People may not like it but here's a quote from the article:

"all customers can do is refuse to use the apps and services of companies that are found to be engaging in shady analytics tracking purposes"

The onus is on the individual; take responsibility for what you install, people, and stop this childish "wah, wah I didn't know" mentality.
 
You've missed the point; you may not like what they are doing but:

A) They've broken no laws.
B) They haven't even broken app store rules.

People may not like it but here's a quote from the article:

"all customers can do is refuse to use the apps and services of companies that are found to be engaging in shady analytics tracking purposes"

The onus is on the individual; take responsibility for what you install, people, and stop this childish "wah, wah I didn't know" mentality.
Luckily consumer protection bodies in civilised places such as the EU disagree.
 
Luckily consumer protection bodies in civilised places such as the EU disagree.
But they haven't, have they? All the apps shown in the article are perfectly usable operating just the way they are in the EU.

Again I go back to my point it's up to the individual to install what they want. Just installing stuff and saying "oh, I thought the EU would protect me" is just stupid beyond belief.
 
My guess is it's not actually recording anything, it's just capturing a screenshot of the state of the app each time it changes and highlighting what interaction the user took to get and leave from there. You can then assemble that into a video.
So let me get this right. You say it's not recording anything, just capturing a screenshot and then assembling them into a video. I used to think that video was made up of X frames per second, with each frame basically being a screenshot? Is assembling the input of someone's email or passport number into a moving picture not a video? If not, what is it?

This is screen recording no matter how anyone wants to spin it. Apple being the perfect sandbox where none of your data gets out is no more. The more lax the rules, the more developers will exploit them. The only way for Apple to come back from this is to disable all the apps that do this, force the apps to request permission to record what you do and get the message out that this isn't on!
You've missed the point; you may not like what they are doing but:

A) They've broken no laws.
B) They haven't even broken app store rules.

People may not like it but here's a quote from the article:

"all customers can do is refuse to use the apps and services of companies that are found to be engaging in shady analytics tracking purposes"

The onus is on the individual; take responsibility for what you install, people, and stop this childish "wah, wah I didn't know" mentality.
The onus is on the individual to make sure that developers are masking sensitive information like your DoB and passport number when they are compiling videos without explicitly telling you that's what they're doing?!
 
The onus is on the individual to make sure that developers are masking sensitive information like your DoB and passport number when they are compiling videos without explicitly telling you that's what they're doing?!
The individual has already given their DOB and passport number to the app (made by the "developers") so they already have this information! If they choose to capture the information a second way (screen grab) what additional information has the individual given up without their knowledge?
 
The individual has already given their DOB and passport number to the app (made by the "developers") so they already have this information! If they choose to capture the information a second way (screen grab) what additional information has the individual given up without their knowledge?
The fact that in some of the apps it is unmasked so that any employee can access it. Would you be happy if Expedia or similar kept your name, DoB, passport number all in plain text on a server somewhere?
 
People wanted free apps. Well this is what you get when you use free apps. Massive invasions of privacy for the purpose of mining and monetizing your personal information.

They'd be mining our data and collecting our usage patterns even if we had to pay for the apps.
 
The fact that in some of the apps it is unmasked so that any employee can access it. Would you be happy if Expedia or similar kept your name, DoB, passport number all in plain text on a server somewhere?
Now you're going into the "what if?" category of events. Who's to say measures are not in place so "any employee can access it" can't happen? Just because something happened before is no indication whatsoever that it's going to happen in these cases.
 
Now you're going into the "what if?" category of events. Who's to say measures are not in place so "any employee can access it" can't happen? Just because something happened before is no indication whatsoever that it's going to happen in these cases.
It's not exactly an unbelievable "what if". If the screen was recorded and everything masked or anonymised, then I can't see anyone really having an issue unless it is being used to target you with ads. But the fact is, it isn't unmasked or anonymised, and that your name, DoB and passport number are there in plain text. There is absolutely no good reason for that to be recorded like that.
 
It's not exactly an unbelievable "what if". If the screen was recorded and everything masked or anonymised, then I can't see anyone really having an issue unless it is being used to target you with ads. But the fact is, it isn't unmasked or anonymised, and that your name, DoB and passport number are there in plain text. There is absolutely no good reason for that to be recorded like that.
OK arguing over semantics is dumb; the company has your info (you entered it into the app), your concern seems to be any employee can see that info via a screen grab yes? What's stopping that same employee having access to the info entered via the app (which the individual agreed to)?
 
But they haven't, have they? All the apps shown in the article are perfectly usable operating just the way they are in the EU.

Again I go back to my point it's up to the individual to install what they want. Just installing stuff and saying "oh, I thought the EU would protect me" is just stupid beyond belief.
They haven't because this wasn't common knowledge. Just like they have in the past, they will act on the behalf of the consumer.

Installing your banking app is hardly high risk, irresponsible behaviour. Expectation that certain things are taken for granted (privacy), especially in light of Tim Cook bleating about it at every opportunity, is reasonable.

Watching how this develops will be interesting.
The individual has already given their DOB and passport number to the app (made by the "developers") so they already have this information! If they choose to capture the information a second way (screen grab) what additional information has the individual given up without their knowledge?
You don't understand how secure data capturing works.
 
It's not exactly an unbelievable "what if". If the screen was recorded and everything masked or anonymised, then I can't see anyone really having an issue unless it is being used to target you with ads. But the fact is, it isn't unmasked or anonymised, and that your name, DoB and passport number are there in plain text. There is absolutely no good reason for that to be recorded like that.
The problem is that this process creates another point of failure privacy and security wise. Another problem is that most of these apps suck, they sucked a year ago and they suck now. So I’m not sure what they are doing this for. Certainly not for user experience.
 
OK arguing over semantics is dumb; the company has your info (you entered it into the app), your concern seems to be any employee can see that info via a screen grab yes? What's stopping that same employee having access to the info entered via the app (which the individual agreed to)?
"Company" may have your info but that DOES NOT imply that a developer contracted from whichever cheapest bidder in a third world country development is outsourced to should have access to your info. This again shows ignorance of basic principles of corporate responsibility on your part.
 
You don't understand how secure data capturing works.
From a legal standpoint, no I don't. But I'm sure these totally legit companies who are using these methods (and probably have a team of lawyers on staff) do or they would face legal action, or do you believe they are just chancing it?
 
What tech bloggers should be doing is directing their questions to Glassbox. Glassbox is the one providing the tools to the apps. Are they using public APIs to do this? Or are they using private APIs, and if they did, then report them to Apple. Simply breaking news like this without anything other than naming Apple and saying somebody doing “secret” stuff is extremely clickbait.
 
How is this possible when normally a red banner/pill will show up during mic/screen recording?




Multiple popular iPhone apps from major companies are using intrusive analytics services that capture detailed data like taps, swipes, and even screen recordings without customer knowledge, reports TechCrunch.

Apps that include Abercrombie & Fitch, Hotels.com, Air Canada, Hollister, Expedia, and Singapore Airlines are using Glassbox, a customer experience analytics firm that lets developers use "session replay" screen recording technology within their apps.


Session replays let developers screenshot or record a user's screen and then play back those recordings to see how users interact with their apps. Taps, button pushes, and keyboard entries are all captured and provided to app developers.

Some apps, such as Air Canada, don't properly mask data that's recorded, exposing information like passport numbers and credit card information. Air Canada employees with access to the screenshot database can readily see this data.

TechCrunch had mobile app expert The App Analyst look at some of the apps that Glassbox lists as a customer. Not all apps leaked masked data, and most appeared to be obfuscated, but there were instances where email addresses and postal codes were visible.

"Since this data is often sent back to Glassbox servers I wouldn't be shocked if they have already had instances of them capturing sensitive banking information and passwords," The App Analyst told TechCrunch.

As TechCrunch points out, all of the apps have a privacy policy, but not one makes it clear that they're recording a user's screen. Glassbox does not require special permission from either Apple or the user to record the screen, and without checking specific app data, there is no way to know if an app is doing this.

Glassbox also does not require its customers to mention the usage of the screen recording feature in their privacy policies.

There are other analytics companies that have practices similar to Glassbox, like Appsee and UXCam, and there are a lot of major companies that are using this kind of technology, based on their customer lists. This kind of tracking is also not limited to iOS apps -- it can be done on the web as well.

With no way to detect that this is going on, all customers can do is refuse to use the apps and services of companies that are found to be engaging in shady analytics tracking purposes without clear privacy policies.

Article Link: Some Popular iPhone Apps Secretly Record Your Screen for Analytics Purposes
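
The masking failure the article describes comes down to what is redacted before captured input leaves the app. As an added illustration (not code from the article, Glassbox, or any app named here), this Python example masks typed input by default and passes only allow-listed fields, scrubbing card-like numbers from those; the event shape, field names and `SAFE_FIELDS` allow-list are assumptions.

```python
import json
import re

# Assumption: only these low-risk fields may leave the device unmasked.
SAFE_FIELDS = {"search_query", "cabin_class"}
# 13-19 digits, optionally separated by single spaces or hyphens.
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")

def luhn_ok(digits):
    """Luhn checksum, used to avoid masking arbitrary long numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def scrub_cards(text):
    """Replace card-like digit runs inside otherwise allowed free text."""
    def repl(m):
        digits = re.sub(r"\D", "", m.group())
        return "[CARD]" if luhn_ok(digits) else m.group()
    return CARD_RE.sub(repl, text)

def redact_event(event):
    """Deny by default: typed text is masked unless its field is allow-listed."""
    out = dict(event)
    if event.get("kind") == "text_input":
        if event.get("field") in SAFE_FIELDS:
            out["value"] = scrub_cards(event.get("value", ""))
        else:
            out["value"] = "[MASKED]"
    return out

def build_payload(events):
    """Serialize only redacted events; raw values never reach the uploader."""
    return json.dumps([redact_event(e) for e in events])

# Constructed sample session (not real data).
SAMPLE_SESSION = [
    {"kind": "tap", "field": "book_button"},
    {"kind": "text_input", "field": "search_query",
     "value": "YYZ to LHR, card 4111 1111 1111 1111"},
    {"kind": "text_input", "field": "passport_number", "value": "X1234567"},
    {"kind": "text_input", "field": "cabin_class", "value": "economy"},
]

if __name__ == "__main__":
    print(build_payload(SAMPLE_SESSION))
```

A deny-list of "known sensitive" fields fails open when a new form field is added; the allow-list here fails closed, so an unreviewed field is masked until someone approves it.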
 
Android apparently to some extent mitigates these with custom layers for each device. It is not like iOS where most of the customers in the same OS version...you need to develop, deploy different techniques for each set of devices...not a preferable method for hackers!! Probably effort required far exceeds the rewards!
LOL. On Android, this won’t even be at the top of your concern list as app developers can literally siphon off your contacts and SMS messages (with their contents in full) already.

And if this is truly a concern to you, then you should stop using Facebook, Google, or even Amazon websites. They have used similar techniques for quite a while already to see how effective their websites and ads are, including how long your mouse cursor hovers on certain spots on the website. Most other websites are probably doing the same thing as Facebook etc offer these tools as a service to companies.
How is this possible when normally a red banner/pill will show up during mic/screen recording?
Because it’s not actually a “screen recording” as defined by the feature of iOS. Read the report on the Air Canada app.
 