- Popular iPhone apps are recording their users’ every tap and swipe, according to a TechCrunch report.
- According to the report, customer analytics firm Glass box allows its customers to record user activity without disclosing that they are doing so.
- Glassbox customers reportedly include major companies like Abercrombie & Fitch, Expedia, and Air Canada.
- Screen recording is so sensitive that historically,Apple does give third-party developers the ability to carry out the practice.
Some popular iPhone apps may be violating Apple’s rules by secretly recording every single tap and swipe consumers make while using the apps.
The revelation comes via a TechCrunch report on Wednesday which describes how the customer analytics firm Glassbox allows its customers – which include major companies like Abercrombie & Fitch, Expedia, and Air Canada – to record user activity and use those recording to make product improvements.
Essentially, every time a user taps on the screen, pushes a button, or types on a keyboard within a specific app, that activity is screenshotted and sent to the app’s developer.
Other Glassbox customers include Hollister, Hotels.com, and Singapore Airlines, according to its website.
The recordings are apparently only activated when a consumer is inside an app that’s using the Glassbox technology, and not when the consumer is going about other business on their phones. But the practice poses problems because, as TechCrunch found, none of Glassbox’s customers make mention of screen recording in their privacy policies or iOS terms and conditions. And according to TechCrunch, Glassbox said it does not require customers to mention its usage in their terms.
TechCrunch also raised the issue of what happens when a user enters sensitive information into an app, like credit card or passport numbers. As the report discovered, Glassbox is supposed to obfuscate this information, but that doesn’t happen all the time. As a result, sensitive customer data can potentially be broadly exposed to employees responsible for a company’s app development, and vulnerable to data breaches.
The practice of screen recording is so sensitive that historically, Apple has not given third-party developers the ability to do so. That’s why users were shocked to learn in 2017 that Uber had been provided special permissions by Apple to record their screen and access other personal information without their knowledge.
“Granting such a sensitive entitlement to a third party is unprecedented, as far as I can tell,” Will Strafach, a security researcher who discovered the Uber situation, told Business Insider at the time of the Uber situation. “No other app developers have been able to convince Apple to grant them entitlements they have needed to let their apps utilise certain privileged system functionality.”
Apparently, Glassbox has figured out a way around Apple, allowing its customers to embed its technology into their apps without any special permissions.
A GlassBox spokesperson told Business Insider, in part: “Glassbox customers use our solution to capture data in order to improve their respective online customer experiences and protect their customers from a compliance perspective. All captured data via our solution is highly secured, encrypted, and solely belongs to the customers we support.”
Apple did not immediately respond to Business Insider’s requests for comment.
Business Insider Emails & Alerts
Site highlights each day to your inbox.