• Home
  • Apps
  • Apps News
  • Popular iPhone Apps Said to Be Secretly Recording Your Screen, Capturing Sensitive Data in the Process

Popular iPhone Apps Said to Be Secretly Recording Your Screen, Capturing Sensitive Data in the Process

Share on Facebook Tweet Share Reddit Comment
Popular iPhone Apps Said to Be Secretly Recording Your Screen, Capturing Sensitive Data in the Process

App developers deploy session replaying to see how you interact with their apps, a report claims

Highlights
  • Several top iPhone apps use session replaying, but don't inform users
  • Some of these apps were sending back data without masking it
  • Sensitive information such as credit card numbers are also recorded

A bunch of popular iOS apps may be recording every move you make on their app. These apps have been found to literally record your iPhone screen, without asking for your permission or notifying you about it. According to TechCrunch, several popular iOS apps use Glassbox, an analytics company, to deploy session replaying into their apps. The technology can record every action a user takes on an app, including entering sensitive financial information. None of these apps need user permission to record users' screens.

Popular iOS apps such as Air Canada and Expedia were found to be recording user actions via Glassbox analytics. TechCrunch claims it found several apps from hotels, travel websites, airlines, banks, and others that didn't clarify if they were collecting such data and what they were going to do with it.

The session replay technology enables app developers to record users' every single tap, keyboard entry, button push, etc. However, the data is captured only while a user is within the app.

Apps like Singapore Airlines and Hotels.com also use Glassbox's session replay technology in their apps. These replays allow app developers to record their users' screens and play them back to see how they interacted with the app. On the surface, it seems like a useful developer feature but not all apps were found to be masking users' data, exposing sensitive financial information.

Once a user's session is recorded on the device, it is sent back to the app developer. In the case of Air Canada's iOS app, The App Analyst - a mobile expert cited by TechCrunch - found that the company was clearly exposing passport numbers and credit card information in each session replay being sent back. This means anyone with access to these replays can access sensitive information.

Air Canada had earlier reported that its mobile app had suffered a data breach which affected 20,000 users. The breach leaked passport numbers and other sensitive data.

TechCrunch further added that none of the apps involved in capturing all this data discloses it to their users, even if they're doing it simply for analytics purposes. There may be several other apps that do the same.

While apps that are submitted to the iOS App Store need to carry a privacy policy, TechCrunch didn't find any of the apps the company reviewed mentioning screen recording in their policies. There's literally no way a user can know their screen was being recorded all this time.

App developers use tools from a number of analytics companies and Glassbox isn't the only company that offers session replaying. While collecting user data purely for creating better apps makes sense, it's also important that users are aware how much of their sensitive data could be escaping their device.

Comments

For the latest tech news and reviews, follow Gadgets 360 on Twitter, Facebook, and subscribe to our YouTube channel.

Harpreet Singh Harpreet is the community manager at Gadgets 360. He loves all things tech, and can be found hunting for good deals when he’s not shopping online. More
Microsoft Build Developer Conference to Be Held From May 6
NASA, SpaceX Now Aim for March Test of First New 'Dragon' Astronaut Capsule
 
 

Advertisement

 

Advertisement

© Copyright Red Pixels Ventures Limited 2019. All rights reserved.