Thursday, February 7, 2019

Popular iPhone Apps Secretly Record Your Screen for Analytics

Juli Clover:

Multiple popular iPhone apps from major companies are using intrusive analytics services that capture detailed data like taps, swipes, and even screen recordings without customer knowledge, reports TechCrunch.

Apps that include Abercrombie & Fitch, Hotels.com, Air Canada, Hollister, Expedia, and Singapore Airlines are using Glassbox, a customer experience analytics firm that lets developers use “session replay” screen recording technology within their apps.

[…]

Some apps, such as Air Canada, don’t properly mask data that’s recorded, exposing information like passport numbers and credit card information. Air Canada employees with access to the screenshot database can readily see this data.

Previously: Apple Granted Uber a Background Screen Recording Entitlement.

Apple is telling app developers to remove or properly disclose their use of analytics code that allows them to record how a user interacts with their iPhone apps — or face removal from the app store, TechCrunch can confirm.

[…]

TechCrunch began hearing on Thursday that app developers had already been notified that their apps had fallen afoul of Apple’s rules. One app developer was told by Apple to remove code that recorded app activities, citing the company’s app store guidelines.

“Your app uses analytics software to collect and send user or device data to a third party without the user’s consent. Apps must request explicit user consent and provide a clear visual indication when recording, logging, or otherwise making a record of user activity,” Apple said in the email.

Apple gave the developer less than a day to remove the code and resubmit their app or the app would be removed from the app store, the email said.

Dave Verwer:

I’ve never talked about this before, but the only relevant sponsor who I’ve ever turned down for iOS Dev Weekly was a company focused on in-app screen recording analytics. It was a few years ago now and I had no idea this was even a thing at the time. I just couldn’t believe that they were doing it and they were incredulous that I had a problem with it. It made me really angry. Looking at the client list on their site was shocking too. Your screen is almost certainly being recorded by some of the apps on your phone. I didn’t want to support that, and I didn’t take their money.

The irony is that in a past job I had, the company I worked for used one of these screen recording analytics tools and I was asked to look at the results as part of my job. I protested and made a case that they should remove it from their app, but I failed and as far as I know they continue to do it. The irony? To my annoyance, the data collected from that tool was incredibly useful, and I found at least one really hard to reproduce bug because I could watch it happen for a user. Even so, I never felt comfortable with it and was happy to put it behind me.

In an email, an Apple spokesperson said: “Protecting user privacy is paramount in the Apple ecosystem. Our App Store Review Guidelines require that apps request explicit user consent and provide a clear visual indication when recording, logging, or otherwise making a record of user activity.”

“We have notified the developers that are in violation of these strict privacy terms and guidelines, and will take immediate action if necessary,” the spokesperson added.

John Gruber:

I think Apple’s doing the right thing here, and it’s an impressive display of what the App Store review team can analyze, but given that this has been going on for years, I think 24 hours notice over a weekend is a bit drastic.

2 Comments

The problem here is that there is NO WAY to report "bad" apps to Apple. Zero. They have all of these rules for the App Store, but when you find an app that violates them there's no mechanism to report it. Why not?!

FullStory does the same with websites. It's in use all over the web.
