Saturday, 23 February, 2019

Several iPhone Apps Recording User Screen Taps & Swipes Without Their Permission

Some iPhone apps are recording what you do according to a report.                  Angela Lang  CNET Some iPhone apps are recording what you do according to a report. Angela Lang CNET
Sherri Watson | 09 February, 2019, 06:57

The software is supposed to protect the sensitive data in these screenshots, however, a recent investigation by the AppAnalyst discovered that Air Canada's app wasn't always doing so properly. These apps have been found to literally record your iPhone screen, without asking for your permission or notifying you about it.

In Apple's email to developers, it said: "Your app uses analytics software to collect and send user or device data to a third party without the user's consent".

Air Canada and Glassbox announced a partnership back in the fall of 2017, to use the latter's analytics platform within the airline's mobile app.

The iPhone app of Air Canada, analysed by mobile expert the App Analyst, has been reported to expose personal date during "session replays", including passport numbers and credit card information of users. None of the apps in question mention session replays in their privacy policies, either.

Masking sensitive data sometimes failed in Air Canada session replays.

"This gives Air Canada employees - and anyone else capable of accessing the screenshot database - to see unencrypted credit card and password information", TechCrunch was told.

While the analysis of screen data may appear to be a legitimate, if creepy, area in data analysis with other several firms in the mix such as Appsee and UXCam, TechCrunch found pressing issues that violate nascent data privacy rules. So, not too bad. These are effectively screen recordings extracted from users without their express consent. But, let's be honest: Even if apps warned you in their privacy policies, would you even notice? App developers are now being told to either remove or disclose their use of codes in their app, which screen records the users' interaction within a particular app, under the App Store guidelines. So really, there's no way to know. Some iOS apps, many of which are very popular, apparently secretly record a phone's display for analytical reason. Neither did Singapore Airlines.

Tech Crunch reached out to these companies where in their privacy policy does it says that they recording this data but only one company responded.

Abercrombie said the "session replay" technology helps create "a seamless shopping experience, enabling us to identify and address any issues customers might encounter in their digital experience". Sadly, Glassbox is hardly the only one of its kind and that app analytics industry isn't going away any time soon.

Using Glassbox's session reply technology, app makers can see every tap and swipe you make.

From a user experience perspective, this makes sense.

This means that every tap, button push and keyboard entry is recorded, screenshotted and sent back to the app developers.

Apple has now taken notice and will require apps to get user permission before collecting this type of data. Google is yet to comment, although its own rules are similar to Apple's: "Apps must not hide or cloak tracking behaviour or attempt to mislead users about such functionality", they contain.

"No data collected by Glassbox customers is shared with third parties, nor enriched through other external sources".

What does SIA do with your data?