Popular iOS Apps Found Recording Screens for Analytics, Occasionally Showing Sensitive Data


Many popular iPhone apps from hoteliers, travel sites, airlines, cell phone carriers, banks and financiers were found recording screens to analyze how users interact with their apps and to look for any errors. In most cases, these apps don't ask or inform the user before recording or screenshotting their screens.

According to the latest report from TechCrunch, apps like Abercrombie & Fitch, Hotels.com, Air Canada and Singapore Airlines are involved in this practice. The companies behind these apps are using a service called Glassbox to check on the performance of their apps. While sensitive data is not deliberately collected, the masking sometimes doesn't work effectively, and analysts say that these companies may already hold instances of data such as passport numbers and credit card information.

Glassbox is one of the customer experience analytics firms that employ “session replay technology.” This allows developers to record displays and review how users interacted with their app. “Every tap, button push, and keyboard entry is recorded,” making your data vulnerable. As Glassbox states in a recent tweet:

Imagine if your website or mobile app could see exactly what your customers do in real time, and why they did it? This is no longer a hypothetical question, but a real possibility.

The apps send the recorded data to the companies' own servers or to Glassbox's servers, depending on the developer. Quoting from TechCrunch:

The App Analyst said that while Hollister and Abercrombie & Fitch sent their session replays to Glassbox, others like Expedia and Hotels.com opted to capture and send session replay data back to a server on their own domain. He said that the data was “mostly obfuscated,” but did see in some cases email addresses and postal codes. The researcher said Singapore Airlines also collected session replay data but sent it back to Glassbox’s cloud.

Apple has been very strict with other companies found violating the laws or breaching data and has proudly said that "what goes in your iPhone stays in your iPhone". Let's see what the company has to say about the use of these frameworks.
