Apple is cracking down on apps that record iPhone users’ screens after a TechCrunch investigation revealed a number of major companies have been quietly recording their customers’ screen activity.
A review of the apps by TechCrunch and a mobile security expert found that companies like Expedia and Abercrombie & Fitch embedded so-called “session replay” technology into their apps with the help of London-based analytics firm Glassbox.
Advertisement
But not only are users not being explicitly informed that such screen recordings are being performed, according to a review of the companies’ privacy policies by TechCrunch and HuffPost, but also, in at least one case, sensitive user data was not omitted from the recordings.
A spokesperson for Apple, in a statement to TechCrunch on Thursday, stressed that its apps are required to provide “a clear visual indication when recording, logging, or otherwise making a record of user activity.” If they don’t comply, they could be removed from Apple’s app store, TechCrunch reported.
“We have notified the developers that are in violation of these strict privacy terms and guidelines, and will take immediate action if necessary,” the statement read.
Advertisement
A spokesperson from Apple did not immediately respond to a request from HuffPost for comment.
Glassbox’s visual monitoring is designed to allow companies to examine how its users interact with the app to improve its performance, according to the company’s website.
“Always watching, always learning ― Glassbox is like giving your website or app a brain,” Glassbox said in a description of its software on Twitter late last year. “With 100% of every user journey recorded, analysed and securely stored, your digital platforms and your bottom line are protected from unexpected issues.”
Imagine if your website or mobile app could see exactly what your customers do in real time, and why they did it? This is no longer a hypothetical question, but a real possibility. This is Glassbox. Experience it for yourself: https://t.co/E3uXcr0Gjfpic.twitter.com/9cJ40xbSaI
Though the company argues that its data are securely stored, a review of Glassbox’s monitoring of Air Canada’s app by a tech blogger, The App Analyst, found that not all sensitive data fields were concealed from view during a session replay.
A recorded review of Air Canada’s app that was posted on YouTube showed how users’ credit card information and passwords can be visibly displayed.
Advertisement
This revelation comes after Air Canada’s mobile app suffered a data breach last summer that was estimated to affect 20,000 people.
Though the airline said credit card information was not accessed, it did warn that users’ personal data, such as passport numbers, may have been stolen. The airline was criticized at the time for having a weak password system, the BBC reported.
A representative of Glassbox, in an email to HuffPost on Thursday, stated that the information its firm collects is accessed only through its apps and it is not shared with any third parties. A full audit log of every user who accesses the customers’ system is also taken.
“All captured data via our solution is highly secured, encrypted, and solely belongs to the customers we support,” the company stated.
Advertisement
The representative did not respond to questions about Air Canada’s potential data leak and if it knew of any other instances.
Glassbox’s website notes that personally identifiable information can be encrypted and made visible to authorized users.
Companies listed as using Glassbox on the company’s website include Expedia, Air Canada, The Hartford, Guardian, USAA, Yatra, Zurich, Citibank, JP Morgan Chase & Co., Investec, Hotels.com, Singapore Airlines, Air Canada, Abercrombie & Fitch and Hollister.
Several companies that use Glassbox, reached by HuffPost, defended its use, arguing that the data collected are in accordance with its privacy policies.
A representative of Singapore Airlines specifically cited users agreeing in its privacy policy to allow data to be collected “for testing and troubleshooting issues.”
Advertisement
It states that the company collects “device and technical information from you when you use our website or mobile application.” It does not state that it does this by recording users’ screen time.
A representative of Air Canada emphasized that it does not and cannot capture phone screens outside of its app and that “all information is handled securely and in accordance with our policy.”
Our 2024 Coverage Needs You
It's Another Trump-Biden Showdown — And We Need Your Help
The Future Of Democracy Is At Stake
Our 2024 Coverage Needs You
Your Loyalty Means The World To Us
As Americans head to the polls in 2024, the very future of our country is at stake. At HuffPost, we believe that a free press is critical to creating well-informed voters. That's why our journalism is free for everyone, even though other newsrooms retreat behind expensive paywalls.
Our journalists will continue to cover the twists and turns during this historic presidential election. With your help, we'll bring you hard-hitting investigations, well-researched analysis and timely takes you can't find elsewhere. Reporting in this current political climate is a responsibility we do not take lightly, and we thank you for your support.
The 2024 election is heating up, and women's rights, health care, voting rights, and the very future of democracy are all at stake. Donald Trump will face Joe Biden in the most consequential vote of our time. And HuffPost will be there, covering every twist and turn. America's future hangs in the balance. Would you consider contributing to support our journalism and keep it free for all during this critical season?
HuffPost believes news should be accessible to everyone, regardless of their ability to pay for it. We rely on readers like you to help fund our work. Any contribution you can make — even as little as $2 — goes directly toward supporting the impactful journalism that we will continue to produce this year. Thank you for being part of our story.
It's official: Donald Trump will face Joe Biden this fall in the presidential election. As we face the most consequential presidential election of our time, HuffPost is committed to bringing you up-to-date, accurate news about the 2024 race. While other outlets have retreated behind paywalls, you can trust our news will stay free.
But we can't do it without your help. Reader funding is one of the key ways we support our newsroom. Would you consider making a donation to help fund our news during this critical time? Your contributions are vital to supporting a free press.
As Americans head to the polls in 2024, the very future of our country is at stake. At HuffPost, we believe that a free press is critical to creating well-informed voters. That's why our journalism is free for everyone, even though other newsrooms retreat behind expensive paywalls.
Our journalists will continue to cover the twists and turns during this historic presidential election. With your help, we'll bring you hard-hitting investigations, well-researched analysis and timely takes you can't find elsewhere. Reporting in this current political climate is a responsibility we do not take lightly, and we thank you for your support.
Thank you for your past contribution to HuffPost. We are sincerely grateful for readers like you who help us ensure that we can keep our journalism free for everyone.
The stakes are high this year, and our 2024 coverage could use continued support. Would you consider becoming a regular HuffPost contributor?
Dear HuffPost Reader
Thank you for your past contribution to HuffPost. We are sincerely grateful for readers like you who help us ensure that we can keep our journalism free for everyone.
The stakes are high this year, and our 2024 coverage could use continued support. If circumstances have changed since you last contributed, we hope you'll consider contributing to HuffPost once more.