Specific apps such as the aforementioned Singapore Airlines and Hotels.com have apparently been collecting user data through the hiring of a data analytics firm known as Glassbox. Along with this, it also takes screenshots of the same. These apps have been found to literally record your iPhone screen, without asking for your permission or notifying you about it.
The software created by Glassbox is being used to capture user activity within apps, including taps and swipes, but also to record what's happening on the screen for more in-depth analytics.
Or, as Glassbox said in a recent tweet: "Imagine if your website or mobile app could see exactly what your customers do in real time, and why they did it?"
This is worrying, because some of these apps contain fields where users must input sensitive information such as passport and credit card numbers, along with other types of personal information. As "The App Analyst" recently discovered, Air Canada wasn't properly masking these replays before transmitting, putting customer data at risk. Any Air Canada employee with access to the screenshot database can readily see all of this data, making it vulnerable.
As 9to5Mac noted, services like Glassbox have been around for a while, but Apple has yet to bring down the hammer; other companies that provide similar services named by TechCrunch included UXCam and Appsee.
According to the expert, not every app was leaking masked data. So, not too bad. None of these apps need user permission to record users' screens.
Another problem: the recordings reveal sensitive data.
App analysts have already predicted that since all of the apps listed above use Glassbox, there is the possibility that sensitive banking information and passwords have already been captured.
The recordings are made to see user behavior within a certain app.
When it comes to App Store and Apple's policies, the privacy policies of these apps don't mention recording the user's screen. So really, there's no way to know. "However, Air Canada does not-and cannot-capture phone screens outside of the Air Canada app", a spokesperson for Air Canada told TechCrunch.
When asked by TechCrunch why their privacy policies failed to mention the screen-grabbing feature, each company responded with vague answers.
An Expedia spokesperson told Fox News that "Expedia Group brands are not actively using Glassbox services on any of our native applications for iOS or Android". While they may provide a useful service to app makers by helping fine-tune their products, it isn't a great look that those apps aren't disclosing to their users that they're snapping screenshots of their every move.
From a user experience perspective, this makes sense. These aren't fake apps, but legit ones representing some of the most popular businesses in the hotel, travel, banks and airlines industries, which makes this matter even more concerning.
"I think users should take an active role in how they share their data, and the first step to this is having companies be forthright in sharing how they collect their users data and who they share it with", said The App Analyst.
- 2018 fourth hottest year on record
- Possible MLB rule changes may have little effect on Pirates
- Trump's diet plan not followed 'religiously'
- $900m drug bust exposes Mexico-Australia cartel ties
- News The Mazda MX-5 30th Anniversary Is Very Orange, Very Awesome
- England's injured Itoje ruled out for France and Wales matches
- Massachusetts Court Upholds Michelle Carter's Conviction
- Rajini’s Daughter Second Wedding Is Buzzing
- Albert Finney dead: Celebrated actor dies aged 82
- Florida politician resigns over accusations she licked men's faces