“iPhone users have no idea that many iOS apps are secretly tracking every tap, swipe and even taking screenshots”
According to a report from TechCrunch, several iOS apps are recording every tap and swipe made by a user. These apps do not need to ask for your permission, and users have no idea this is happening. Yes, a lot of apps do collect user data, but they ask for permission and you can deny them from collecting any information. However, the report states that several apps are collecting data that tells them how you use their apps.
iOS apps from major companies such as Hollister, Expedia, Air Canada, Hotels.com, Abercrombie & Fitch, and many more, are using services from Glassbox that make this possible. Glassbox is a firm that provides something known as ‘Session Replay’, which allows apps to record the screen. The developers can then go through the recorded sessions to find out how their customers use the app. This helps the developers figure out what works and what doesn’t.
The service records taps, keyboard inputs and swipes, and also takes screenshots. It then sends all the data back to the developer. This isn’t the worst part, though. As per the report, apps using these services are supposed to mask sensitive fields such as passwords, credit card details, etc. However, it was found that such fields are visible in screenshots. This gives the developers, and anyone who has access to the screenshots, the ability to view passwords, credit card information and other data.
Screenshots revealing password and credit card details from Air Canada (seen above) were discovered by The App Analyst, who said that the airline did not mask certain sensitive information. Air Canada had recently faced a breach where almost 20,000 profiles were compromised. After the report was published by TechCrunch, Air Canada sent a response confirming that it does use Glassbox services and takes screenshots within the app. A few other companies such as Hollister and Abercrombie also said that they use Glassbox, but did not talk about session replays. There are plenty of other services that provide such replays to app developers, but brands continue to not inform users of such activities.