Many popular iPhone apps–including Abercrombie & Fitch, Hotels.com, Air Canada, Hollister, Expedia, and Singapore Airlines–are using a technology called “session replay” from customer experience analytics firm Glassbox to record everything you do on your iPhone when using their app, reports TechCrunch.
Using Glassbox’s session reply technology, app makers can see every tap and swipe you make. Keystrokes are also recorded and any text you write is captured as well, though text inputs are usually masked so as to hide sensitive information like credit card or passport numbers. However, TechCrunch found that not all apps that are using Glassbox’s tech are masking data fields properly, leaving sensitive information exposed in the screen recordings. And since all screen recordings go back to the app developer through Glassbox’s servers, anyone at the company with access to those servers could potentially see a user’s unmasked personal data.
What’s worse is that Glassbox does not require app developers that use its screen recording technology to make users aware their movements in their app are being recorded–and no app TechCrunch looked at voluntarily revealed that it was recording users’ screens.
To be fair to Glassbox, they aren’t the only analytics firm to make this kind of technology available to app developers. However, the fact that users aren’t made aware that their screens are being recorded feels like a massive invasion of privacy. As for Apple, it’s baffling that the company doesn’t have restrictions against this kind of tech–or at least forced notifications alerting users when an app is using analytics technology to secretly record a user’s screen. Hopefully that is something that will change soon.