Update: Apple is reportedly instructing developers to either inform and request consent from users to record user screen data, or remove the code entirely. Apps that do neither will be removed from the App Store, according to follow-up TechCrunch coverage.
It’s not unusual for apps to collect your data whether it’s to create targeted advertising, help with technical support, or to learn about the demographics of customers.
However, it looks like some companies have taken their data collection practices even further, by recording your screen when you use their iPhone apps.
According to reports by TechCrunch and the App Analyst, iOS applications from the likes of Air Canada, Abercrombie and Fitch, Singapore Airlines, Expedia, and Hotels.com have used “session replay” technology from data analytics company Glassbox to record user’s screens while using their apps.
Glassbox’s session replay software works by recording a users’ screen whenever they input information or press buttons within the app.
While the software can prevent sensitive data like credit card information or passwords being recorded by blocking it out, the App Analyst found that this feature was not always successful, leading to personal information being displayed.
Using software to intercept the data headed to Glassbox’s servers, the App Analyst demonstrated how it could take screenshots of sensitive information in this video uploaded to YouTube:
Since the reports were published, an Air Canada spokesperson has told TechCrunch that it uses “customer provided information to ensure we can support their travel needs and to ensure we can resolve any issues that may affect their trips.”
According to Air Canada, this information “includes user information entered in, and collected on, the Air Canada mobile app. However, Air Canada does not – and cannot – capture phone screens outside of the Air Canada app.”
Abercrombie and Fitch has also responded to the claims, saying that its use of Glassbox “helps support a seamless shopping experience, enabling us to identify and address any issues customers might encounter in their digital experience.”
Android users aren’t safe either; last year Gizmodo reported that some Android apps were also recording user’s interactions with their apps.
While many of us expect that apps may capture some of our data, it may come as a surprise that many are routinely recording our screens, with the potential for our sensitive data to be exposed.