These Mobile Apps Could Be "Stalking" Your Every iPhone Move

Judy Cobb
February 9, 2019

These apps have been found to literally record your iPhone screen, without asking for your permission or notifying you about it.

The software is created to enable companies to figure out why the app malfunctions but, as TechCrunch notes, the fact that it's hidden from users suggests the app developers realize exactly how invasive it is.

Following the widespread media coverage, Apple has told app developers to disclose the screen recording behavior in a proper manner or completely remove this functionality.

In both cases, experts are calling on tech companies to be more transparent about the data they're collecting and how they're using it. Companies utilize Glassbox to record user sessions to let developers see how an app is used, to get feedback on changes and errors.

Glassbox's software records activity so that companies can redesign their apps for the best user experience. Unfortunately, the feature can also be exploited by app developers to secretly record your activities.

In some cases, these recordings did not adequately mask sensitive user data, which included passport numbers, credit cards and other data.

JLR suffers worst quarterly loss - RM17.9 bil in Q4 '18
PB Balaji, CFO, Tata Motors , said , "The 4-7 percent guidance was for the period between FY20 and FY22". Excluding the one-off accounting charge, JLR lost £273m before tax during the last quarter.

In theory, Glassbox's services come with screen masking, which should occlude on-screen sensitive information with black bars. Air Canada's official app is one of those potentially failing to secure the data, and it's believed that many more could expose sensitive details, like email addresses.

"I think users should take an active role in how they share their data, and the first step to this is having companies be forthright in sharing how they collect their users data and who they share it with", said The App Analyst.

While the analysis of screen data may appear to be a legitimate, if creepy, area in data analysis with other several firms in the mix such as Appsee and UXCam, TechCrunch found pressing issues that violate nascent data privacy rules.

Also, Apple will be checking for screen recording code more often before the developers submit their apps to the App Store, to weed out the privacy-invading code.

Hotel.com's policy does not mention recording users' screens, nor does Expedia's. TechCrunch's comprehensive investigation mentions a specific analytics firm called Glassbox as being used by most travel apps for this goal.

Among other companies, sending their "session replays" to Glassbox were Hollister and Abercrombie & Fitch, while Expedia and Hotels.com chose to send them to their own domain server. None of the apps in question mention session replays in their privacy policies, either. The goal is allegedly the same, to see how customers interact with apps, to study their use of it, and, supposedly, to improve it. In addition, Glassbox said the data they capture is "highly secured, encrypted, and exclusively belongs to the customers" the company supports.

Other reports by

Discuss This Article

FOLLOW OUR NEWSPAPER