Apple values privacy but still lets these apps like Facebook, Google etc. do stuff like this and nothing happens to them
 
The individual has already given their DOB and passport number to the app (made by the "developers") so they already have this information! If they choose to capture the information a second way (screen grab) what additional information has the individual given-up without their knowledge?

In another article on another site it states that these transmissions back to the data servers (Glassbox or other) are susceptible to 'man-in-the-middle' attacks so your unmasked information is potentially available to those that are looking to cause harm.
 
This is partially why I use as few apps as possible. I’ll go on a website on my desktop with proper blockers in place if I need to. My phone is a minimal use device these days.

That's a fun idea, but you're not as safe as you might think. ;)

I worked for a company that specialized in user engagement, that just happened to be able to recreate a user's experience from the data collected.
Because they are not a company typically associated with advertisements or being intrusive they have not yet made it to any of the blocklists.
 
Good luck Apple watching me on my phone while going potty. I’ve got nothing to hide but have you no decency.
 
The cyber world turned into a disaster spying system. At this point in time, they either turn data collection illegal, or just keep your personal life off line.

People wanted free apps. Well this is what you get when you use free apps. Massive invasions of privacy for the purpose of mining and monetizing your personal information.

The problem is that..
1-Paid alternative usually does not exist

2-Paid alternatives, if they exist, do not guarantee no data collection or monitoring is happening behind the scenes.
 
In another article on another site it states that these transmissions back to the data servers (Glassbox or other) are susceptible to 'man-in-the-middle' attacks so your unmasked information is potentially available to those that are looking to cause harm.
What's the difference between the information captured via the app that's "transmissions back to the data servers" and information captured via a screen grab that's "transmissions back to the data servers"?

If both are possible and undesirable the app would be useless as it couldn't function (it needs your information)
 
There is no narrative here, and your allegory is irrelevant.
Your following statement contradicts the prior one.

I’m just calling out Apple’s privacy narrative.
It’s not a narrative it’s a mandate from the top. I sincerely believe Apple does not misuse your personal info. App developers not so much. And the allegory was on point.

As an app developer, the APIs give me free rein to practically do whatever I want within its boundaries whether you consider something ethical or not. If Apple has the “right” to brag about privacy yet allows APIs to capture information that they regard as sensitive, it’s a bit of an oxymoron isn’t it?
No because at the highest level the app needs to function and each app developer is expected to have a privacy policy that they adhere to. See Facebook. Should apple ban them from safari? Much less the app.

Apple should brag they have a great privacy policy but you are intentionally twisting that to mean the app developers are Apple's full responsibility. Not true.

Emphasizing is an understatement because every company emphasizes privacy collection at different levels. Have you conveniently forgotten the Apple banner in Vegas?
See Facebook through Safari. Apple's iOS keeps your info secure. Again the allegory about the trusted friend is very relevant.

Even though software bugs happen and for a company that is very adamant about its privacy practice, this simple bug exposes the differences between words vs actions. That’s where the contradiction happens.
A bug is a bug. The great thing about the internet is that all opinions can be expressed. I disagree with yours.
 
What's the difference between the information captured via the app that's "transmissions back to the data servers" and information captured via a screen grab that's "transmissions back to the data servers"?

If both are possible and undesirable the app would be useless as it couldn't function (it needs your information)

I am assuming that info captured by the app is sent over a secure connection, the 'screen grab' info seems to be transmitted over less secure means.
 
Whilst those companies are wrong in what they did, I just thought I'd point out the small irony of people who frequent a site called Macrumors complaining about privacy. The same people that might have ignored privacy and read an email sent in error and then gossiped about it.
Same people who like to read about leaked and privileged information. It might be about a company but it's still having your dirty mitts on something that is private and doesn't belong to you.
About the same company that's been sued for using things that don't belong to them.
It's alright if it's not you hey.....?
 



Multiple popular iPhone apps from major companies are using intrusive analytics services that capture detailed data like taps, swipes, and even screen recordings without customer knowledge, reports TechCrunch.

Apps that include Abercrombie & Fitch, Hotels.com, Air Canada, Hollister, Expedia, and Singapore Airlines are using Glassbox, a customer experience analytics firm that lets developers use "session replay" screen recording technology within their apps.


Session replays let developers screenshot or record a user's screen and then play back those recordings to see how users interact with their apps. Taps, button pushes, and keyboard entries are all captured and provided to app developers.

Some apps, such as Air Canada, don't properly mask data that's recorded, exposing information like passport numbers and credit card information. Air Canada employees with access to the screenshot database can readily see this data.

TechCrunch had mobile app expert The App Analyst look at some of the apps that Glassbox lists as a customer. Not all apps leaked masked data, and most appeared to be obfuscated, but there were instances where email addresses and postal codes were visible.

"Since this data is often sent back to Glassbox servers I wouldn't be shocked if they have already had instances of them capturing sensitive banking information and passwords," The App Analyst told TechCrunch.

As TechCrunch points out, all of the apps have a privacy policy, but not one makes it clear that they're recording a user's screen. Glassbox does not require special permission from either Apple or the user to record the screen, and without checking specific app data, there is no way to know if an app is doing this.

Glassbox also does not require its customers to mention the usage of the screen recording feature in their privacy policies. There are other analytics companies that have practices similar to Glassbox, like Appsee and UXCam, and there are a lot of major companies that are using this kind of technology, based on their customer lists. This kind of tracking is also not limited to iOS apps -- it can be done on the web as well.

With no way to detect that this is going on, all customers can do is refuse to use the apps and services of companies that are found to be engaging in shady analytics tracking purposes without clear privacy policies.

Article Link: Some Popular iPhone Apps Secretly Record Your Screen for Analytics Purposes

Software dev here. This stuff isn’t as bad as it sounds. The biggest use for this is support and fixing bugs. When a user had an issue, often the hardest part is reproducing the issue so you can fix it. This software lets you see exactly what a user was doing when a bug occurred so you can more easily identify how to fix it. It also helps you identify spots in the app that are not intuitive by watching users be confused how to progress. It’s invaluable for making your app better. In my company’s case we use this for our web product and we obfuscate all personal details and sensitive information. So we can’t see any of that when we watch these sessions.
 
What is being done by app developers in their unethical approach in designing stealth apps for analytical companies to grab user data and other companies to grab user data, is no different to accountants in their unethical approach to finding legal ways for companies to avoid paying tax.

They both find ways to abuse and manipulate the system in ways it was not designed for, 'loopholes' you might call them, legal but very unethical.

Just because a system allows you to do something it was not designed specifically to do, does not mean you have to use it.
 
Aren't those apps within Apple's eco-system?
Isn't Apple supposed to protect that eco-system?
Isn't Apple claiming: what happens on your iPhone stays on your iPhone?
How exactly are you supposed to force a developer to be honest. However, I’m not worried about my name, phone, cc number etc. They are on my iPhone and will stay there.;)
 
Since iPhone apps only render one app at a time, ALL that data is already in their hands. Isn't this article just a case of "The sky is falling!!!" to rattle Macrumors readers.
To paraphrase a famous Joseph Stalin quip: A single user screen-grab/theft is tragic, millions of screen-grab analytics are a database — a database potentially worth millions of dollars on the open market. Large dev teams pass these data around and who really controls the final disposition? The temptation is just too great...Apple needs to deal with this ASAP. Otherwise their Las Vegas billboard (CES) is the biggest joke of 2019.
 
Software dev here. This stuff isn’t as bad as it sounds. The biggest use for this is support and fixing bugs. When a user had an issue, often the hardest part is reproducing the issue so you can fix it. This software lets you see exactly what a user was doing when a bug occurred so you can more easily identify how to fix it. It also helps you identify spots in the app that are not intuitive by watching users be confused how to progress. It’s invaluable for making your app better. In my company’s case we use this for our web product and we obfuscate all personal details and sensitive information. So we can’t see any of that when we watch these sessions.

Dev here too :). The weak point is exactly what I emphasized in your comment above. Your company obfuscates all personal details and sensitive information. Other companies don't and also keep that data unencrypted on servers and use it as they please.

So in the end the responsibility lies with your company, while it should be addressed at the source. I don't trust any app making company just on their beautiful blue eyes. Do you?
How exactly are you supposed to force a developer to be honest. However, I’m not worried about my name, phone, cc number etc. They are on my iPhone and will stay there.;)

Apple provides the APIs to the devs. If Apple boasts about privacy they should ensure their APIs enforce privacy. If the source allows for dishonesty there will be dishonesty.

Edit:
It seems to me that Apps for the Apple App store are allowed to do about the same as Android Apps are allowed to do.
I personally don't care because of the times we live in and I am aware of it. But here is one thing: If Apple can not guarantee the privacy/honesty of app makers (just as on Android or other operating systems) why do they claim it and what is it worth? Sounds like hollow P&R phrases to me.
 
People wanted free apps. Well this is what you get when you use free apps. Massive invasions of privacy for the purpose of mining and monetizing your personal information.

I’ve heard that Facebook’s average revenue per user is a bit over $20 a year. This doesn’t seem much but the figure varies a lot. In some cases revenue can be many times the average revenue. In any case, as anyone knows these “free services” are far from being free. Facebook and friends are always looking for new ways to monetise their users' data. With extreme data mining average revenue per user is way more than $100 a year.
 
This has probably been stated somewhere in this thread and I just missed it, but is there a list of apps that use this specific tool (Glassbox) or other tools like it? Is it even possible to create such a list?

I've seen some people mention ad blocking apps (e.g. AdGuard), is there a tutorial on how to configure such apps to block this category of tools?

Is there a blacklist that has these apps in them?
 
This has probably been stated somewhere in this thread and I just missed it, but is there a list of apps that use this specific tool (Glassbox) or other tools like it? Is it even possible to create such a list?

I've seen some people mention ad blocking apps (e.g. AdGuard), is there a tutorial on how to configure such apps to block this category of tools?

Is there a blacklist that has these apps in them?

Here
Here are some of Glassbox's customers. Not all may be guilty of recording data, but why take a chance?

I suspect this page will be gone soon, so here are some of the major clients.

Banking and Investment:
  • Bank Fideuram
  • Bank Hapoalim
  • Bank Leumi
  • Citibank
  • ING
  • Investec
  • Israel Discount Bank
  • JP Morgan Chase
  • Santander
Insurance
  • Admiral
  • Amica
  • Direct Seguros
  • Guardian
  • The Hartford
  • UnipolSai
  • Zurich
Travel
  • Air Canada
  • Expedia
  • Hotels.com
  • Singapore Airlines
  • Yatya
Telecom
  • Tracfone
Retail
  • Abercrombie & Fitch
  • Hollister
 
Dev here too :). The weak point is exactly what I emphasized in your comment above. Your company obfuscates all personal details and sensitive information. Other companies don't and also keep that data unencrypted on servers and use it as they please.

So in the end the responsibility lies with your company, while it should be addressed at the source. I don't trust any app making company just on their beautiful blue eyes. Do you?

Apple provides the APIs to the devs. If Apple boasts about privacy they should ensure their APIs enforce privacy. If the source allows for dishonesty there will be dishonesty.

Edit:
It seems to me that Apps for the Apple App store are allowed to do about the same as Android Apps are allowed to do.
I personally don't care because of the times we live in and I am aware of it. But here is one thing: If Apple can not guarantee the privacy/honesty of app makers (just as on Android or other operating systems) why do they claim it and what is it worth? Sounds like hollow P&R phrases to me.
Didn’t answer the question just skirted around it. How is Apple supposed to determine your interactions with an iPhone as within their developer terms of service, when a dev uses a legitimate api. They can’t and this has come up before.

Using your logic, if Apple really cared about our privacy they would ban the Facebook app and Facebook from the browser. Because once you type something into the screen (that is not under Apple control) it goes to the internet and then who knows where.

But as I said I’m not worried about the digital representation of my Face ID, cc info etc
 
No because at the highest level the app needs to function and each app developer is expected to have a privacy policy that they adhere to. See Facebook. Should apple ban them from safari? Much less the app.

It’s obvious you aren’t a developer, haven’t gone thru any submission process, and you don’t know what you’re really talking about. If Apple allows an API, it means they are allowing a hook to using their sandbox for whatever means. Apps can function being offline. It’s just now you are undoing all the technological progression and pushing devs to a more free form ecosystem

Yes, every app dev is expected to have a privacy policy to adhere to, but the inherent submission process is what Apple uses to ensure everything is regulated. Ethically it’s on the developer, but Apple is the single point of entry for ensuring standards are followed. You said it yourself: it’s a mandate from the top.

The great thing about these forums is it also allows us to profile the varying assumptions people have
Didn’t answer the question just skirted around it. How is Apple supposed to determine your interactions with an iPhone as within their developer terms of service, when a dev uses a legitimate api. They can’t and this has come up before.

It’s not an easy task, but you would need to do an audit report with the developer/company on every network request. And yes they can, but obviously no dev or Apple wants to go thru a stringent audit report
 