Popular iPhone Apps Secretly Record Your Screen for Analytics Purposes….. With No Way To Detect That It Is Happening

A rather scary report from TechCrunch details that popular iPhone apps may be secretly recording your screen for analytics purposes. As in, they capture detailed data like taps, swipes, and even screen recordings without your knowledge. These apps use an API (application programming interface) called Glassbox to do this, and details on what they do can be found here. Apps that are known to do this include:

  • Abercrombie & Fitch
  • Hotels.com
  • Air Canada
  • Hollister
  • Expedia
  • Singapore Airlines

So if you have any of those apps on your phone, I’d be wondering if they should stay on your phone. That’s because in the case of the Air Canada app, it doesn’t properly mask data that’s recorded. Which means it is exposing information like passport numbers and credit card information. Which makes this a good time to point out that Air Canada was recently pwned by hackers with their app being the source of the pwnage of passport data among other types of data. So clearly the fact that a company could record your screen secretly has huge ramifications.

What makes this worse is that all of the apps have a privacy policy, but not one makes it clear that they’re recording a user’s screen. Not only that, iOS doesn’t alert you that this is going on with a dialog box that states an app wants control of the screen. Which means if this had not hit the news, nobody would ever know this was going on. But now that this is out there, you can expect a lot of people to start asking questions. And that will likely include Apple, as I am going to go out on a limb and say that they’re going to look at what Glassbox does and come up with countermeasures to it. In the meantime, these guys aren’t the only ones doing this:

Glassbox is one of many session replay services on the market. Appsee actively markets its “user recording” technology that lets developers “see your app through your user’s eyes,” while UXCam says it lets developers “watch recordings of your users’ sessions, including all their gestures and triggered events.” Most went under the radar until Mixpanel sparked anger for mistakenly harvesting passwords after masking safeguards failed.

It’s not an industry that’s likely to go away any time soon — companies rely on this kind of session replay data to understand why things break, which can be costly in high-revenue situations.

Thus, consider yourself warned. And hopefully someone comes up with a way to identify apps that use this tech so that I can punt them off my phone forever.

UPDATE: Here’s a video that shows what the Air Canada app records:
