Popular iPhone Apps Are Secretly Recording Your Screen Activity

Privacy is a big deal for many people around the world and many of the devices that we use do a poor jobs of protecting our data. Amazon, for instance, has been in hot water for sharing Alexa data and voice recordings with other users by mistake. Major tech firms have been caught up in privacy issues, particularly Facebook, with privacy violations that could result in record-breaking FTC fines. A report has now surfaced that many major companies with iPhone app are using a service that records every swipe and tap that the user makes without first asking for permission.

iphone colors

Among the apps allegedly recording your interactions with them are apps from Hotels.com, Singapore Airlines, and Abercrombie & Fitch among others. Those apps all reportedly use a customer service analytics firm called Glassbox that allows the developer to embed "session replay" technology into the apps. Session replay allows the developers to record the screen and play the recordings back to see how the user interacted with the app.

The idea is that by playing back user sessions, the developers can figure out if something on the app isn't working or if there was an error of any sort. The problem for those concerned about privacy is that the feature records all screen activity and sends it back to developers and never asks for permission to do so. Air Canada has an iPhone app that uses this sort of replay tech, and it was found recently that the app wasn't masking the session replays when they were sent and exposed credit card data and passport numbers. AirCanada's data breach exposed details on 20,000 profiles.

TechCrunch reports that it asked The App Analyst to look at some of the Glassbox apps, and while not every app was leaking masked data, none of the apps said they recorded the user's activity and sent it to Glassbox. The App Analyst also said that he would be "shocked" if Glassbox hadn't already had instances where they captured sensitive banking information and passwords.