Some Popular iPhone Apps Are Secretly Recording Your Screen

Some Popular iPhone Apps Are Secretly Recording Your Screen

It’s a foregone conclusion that app makers will get at least some data on how you use their product. How much data do you really expect, though? Maybe which buttons you tap or the length of sessions? According to TechCrunch and analytics company App Analyst, some popular iPhone apps are getting much more. They basically see everything you do in real time, even sensitive information like passwords and credit card numbers.

The offending apps include Air Canada, Hollister, Expedia, Hotels.com, and many more. These apps use technology from a customer experience analytics firm called Glassbox. It pushes a product called “session replay,” allowing app makers to see what users do in the app. This is supposed to help developers address user experience issues to improve, but it also gives them a tremendous amount of user data.

The Glassbox session replays are essentially real-time videos of how you interact with the app. Each tap, swipe, and text entry becomes part of the replay record. The app then beams the reply back to the Glassbox servers. Data like your password or payment details that are usually transmitted over secure means can get caught up in there. As “The App Analyst” recently discovered, Air Canada wasn’t properly masking these replays before transmitting, putting customer data at risk.

Masking sensitive data sometimes failed in Air Canada session replays.
Masking sensitive data sometimes failed in Air Canada session replays.

Not all apps using Glassbox are including these sensitive pieces of information in replays, but even those that are attempting to mask data can run into errors and leak secure content. This data all ends up on the Glassbox servers, and it’s generally considered inappropriate for apps to send user data to third parties without consent. When that data is a complete record of how you use an app, the privacy implications are rather serious. None of the apps in question mention session replays in their privacy policies, either.

When contacted for comment, Glassbox merely said that it cannot “break the boundary of the app.” So, the Glassbox SDK can’t watch what you do elsewhere on the phone, but that’s not addressing the issues. Glassbox isn’t the only company offering services of this sort, and while none of them are seemingly malicious, we don’t know if they’re trustworthy. Are their servers secure? Will they use your data for any other purposes? Who knows? You’re relying on app developers to do their homework.

Continue reading

Xbox Series S Supposedly Black Friday’s Most Popular Console
Xbox Series S Supposedly Black Friday’s Most Popular Console

The global chip shortage and overall accessibility have made the Series S an underdog.

Popular Android App ‘YouTube Vanced’ Abruptly Shuts Down for Legal Reasons
Popular Android App ‘YouTube Vanced’ Abruptly Shuts Down for Legal Reasons

This app gave people the premium YouTube mobile experience without a subscription, but the free ride is over. The team has announced development of the app will end immediately, following an undisclosed legal issue.

Google Forces Popular App to Drop APK Installation Support
Google Forces Popular App to Drop APK Installation Support

In some ways, Google has become downright hostile to the process, and the users of a popular file manager are paying the price.

NFT Trading Down 99 Percent on Most Popular Marketplace
NFT Trading Down 99 Percent on Most Popular Marketplace

According to data from crypto tracker DappRadar, trading volumes on the most popular NFT marketplace have dropped by a staggering 99 percent in the intervening months.