Some Popular iPhone Apps Are Secretly Recording Your Screen

Some Popular iPhone Apps Are Secretly Recording Your Screen

It’s a foregone conclusion that app makers will get at least some data on how you use their product. How much data do you really expect, though? Maybe which buttons you tap or the length of sessions? According to TechCrunch and analytics company App Analyst, some popular iPhone apps are getting much more. They basically see everything you do in real time, even sensitive information like passwords and credit card numbers.

The offending apps include Air Canada, Hollister, Expedia, Hotels.com, and many more. These apps use technology from a customer experience analytics firm called Glassbox. It pushes a product called “session replay,” allowing app makers to see what users do in the app. This is supposed to help developers address user experience issues to improve, but it also gives them a tremendous amount of user data.

The Glassbox session replays are essentially real-time videos of how you interact with the app. Each tap, swipe, and text entry becomes part of the replay record. The app then beams the reply back to the Glassbox servers. Data like your password or payment details that are usually transmitted over secure means can get caught up in there. As “The App Analyst” recently discovered, Air Canada wasn’t properly masking these replays before transmitting, putting customer data at risk.

Masking sensitive data sometimes failed in Air Canada session replays.
Masking sensitive data sometimes failed in Air Canada session replays.

Not all apps using Glassbox are including these sensitive pieces of information in replays, but even those that are attempting to mask data can run into errors and leak secure content. This data all ends up on the Glassbox servers, and it’s generally considered inappropriate for apps to send user data to third parties without consent. When that data is a complete record of how you use an app, the privacy implications are rather serious. None of the apps in question mention session replays in their privacy policies, either.

When contacted for comment, Glassbox merely said that it cannot “break the boundary of the app.” So, the Glassbox SDK can’t watch what you do elsewhere on the phone, but that’s not addressing the issues. Glassbox isn’t the only company offering services of this sort, and while none of them are seemingly malicious, we don’t know if they’re trustworthy. Are their servers secure? Will they use your data for any other purposes? Who knows? You’re relying on app developers to do their homework.

Continue reading

Google Will Kill Call Recording Apps in the Play Store Next Month
Google Will Kill Call Recording Apps in the Play Store Next Month

Google plans to enforce restrictions on the Accessibility API, which means all the best call recording apps will be banned or forced to downgrade to a more primitive method of recording.

Amazon Employees Might Be Listening to Your Alexa Recordings
Amazon Employees Might Be Listening to Your Alexa Recordings

The company has allegedly used an army of human beings to listen to audio clips from Alexa devices and grade the interactions. This is seen as an essential way to improve the service, but it raises numerous privacy concerns.

Yes, Google Listens to Some of Your Assistant Recordings. That’s Not Surprising.
Yes, Google Listens to Some of Your Assistant Recordings. That’s Not Surprising.

Amazon has been under fire for how it manages Alexa voice data, and now Google is facing similar questions after a contractor gave reporters a chance to peruse customer recordings.

Phone Call Recording May Come to Pixel Phones Soon
Phone Call Recording May Come to Pixel Phones Soon

Google's Pixel line of smartphones never have the best hardware of any Android phone, but Google makes up for it with software. Previous Pixels have debuted features like Call Screen and Google Assistant. Now, the long-rumored call recording feature may be on the verge of release.