Some popular iPhone apps may be violating Apple’s rules by secretly recording every single tap and swipe consumers make while using the apps.
The revelation comes via a TechCrunch report on Wednesday which describes how the customer analytics firm Glassbox allows its customers — which include major companies like Abercrombie & Fitch, Expedia, and Air Canada — to record user activity and use those recording to make product improvements.
Essentially, every time a user taps on the screen, pushes a button, or types on a keyboard within a specific app, that activity is screenshotted and sent to the app’s developer.
Other Glassbox customers include Hollister, Hotels.com, and Singapore Airlines, according to its website.
The recordings are apparently only activated when a consumer is inside an app that’s using the Glassbox technology, and not when the consumer is going about other business on their phones. But the practice poses problems because, as TechCrunch found, none of Glassbox’s customers make mention of screen recording in their privacy policies or iOS terms and conditions. And according to TechCrunch, Glassbox said it does not require customers to mention its usage in their terms.
TechCrunch also raised the issue of what happens when a user enters sensitive information into an app, like credit card or passport numbers. As the report discovered, Glassbox is supposed to obfuscate this information, but that doesn’t happen all the time. As a result, sensitive customer data can potentially be broadly exposed to employees responsible for a company’s app development, and vulnerable to data breaches.
The practice of screen recording is so sensitive that historically, Apple has not given third-party developers the ability to do so. That’s why users were shocked to learn in 2017 that Uber had been provided special permissions by Apple to record their screen and access other personal information without their knowledge.
Read more: Apple gave Uber’s app ‘unprecedented’ access to sensitive Apple features that can record iPhone screens
“Granting such a sensitive entitlement to a third party is unprecedented, as far as I can tell,” Will Strafach, a security researcher who discovered the Uber situation, told Business Insider at the time of the Uber situation. “No other app developers have been able to convince Apple to grant them entitlements they’ve needed to let their apps utilize certain privileged system functionality.”
Apparently, Glassbox has figured out a way around Apple, allowing its customers to embed its technology into their apps without any special permissions.
Glassbox and Apple did not immediately respond to Business Insider’s requests for comment.
- [LLODO] Billionaire CEO vows to fight for working class against Big Tech censorship
- [LLODO] Two married Texas AG prosecutors shot, one fatally, at their El Paso home
- [LLODO] Oklahoma dispatcher dies from coronavirus complications
- [LLODO] DOJ files Endangered Species Act complaint against ‘Tiger King’ star Jeff Lowe
- [LLODO] US government executes man convicted of killing Texas teen
- [LLODO] ‘Definition of a serial killer:’ Police link murder suspect to string of homicides
- [LLODO] ‘Thanksgiving Grandma’ celebrates 5th holiday with honorary ‘grandson’ — but without late husband
- [LLODO] 15 relatives contract coronavirus after birthday celebration: ‘Don’t be like my family’
- [LLODO] Wauwatosa police arrest 15-year-old in connection with mall shooting that injured 8 people