Connect with us

Mobile

Some of your iOS apps have been recording your screen without permission

“What happens on your iPhone, stays on your iPhone” really didn’t age well.

apple iphone with ios 13 apps on screen
Image: Unsplash

Whelp, Apple might claim to not be spying on you but the same can’t be said for a bunch of popular iOS apps. Whether we like it or not, almost everything we do online collects data for analytical purposes.

With existing privacy legislation like the GDPR, we’re supposed to have to consent to this data collection, be made aware that it’s happening and other things like knowing our data is stored and transferred securely.

So what happens when your data is recorded without your permission? That’s what appears to be happening with the group of popular iPhone apps investigated by TechCrunch. These apps record every single thing you do on your screen while you use the app, from touches to passwords. Often, they don’t even ask for permission to do so, a clear violation of privacy laws. The companies involved? Big names like Air Canada, Expedia, Hotels.com, and Hollister.

Tech from Glassbox was used in the apps to record “session replays”

TechCrunch dissected these apps with help from App Analystan analytics company specializing in data collection. They found that tech from Glassbox was used in the apps, which can create “session replays,” or literally everything you’ve done during the time of using the app. Ever seen a screencast? This goes way beyond that, also recording things like credit card numbers, passwords, and other types of sensitive data.

Even worse, the analysis showed that Air Canada’s app even sent those credit card details across the internet unencrypted. Any hacker who wanted to skim cards could just grab the data as it went past, perhaps with a fake Wi-Fi hotspot. TechCrunch says that none of these apps warn the users that their actions are being recorded in this way, and it’s not mentioned in the privacy policies of the companies.

Glassbox is proud of its technology

While the companies using the tech might be hiding, Glassbox itself isn’t. They are proud of their capabilities, stating: “Imagine if your website or mobile app could see exactly what your customers do in real time, and why they did it? This is no longer a hypothetical question, but a real possibility.”

That boasting is likely to get Glassbox in hot water with EU regulators at some point, along with all of its clients. While the data collection isn’t likely illegal, the lack of transparency and consent is. There’s also the unencrypted credit card details issue, which isn’t PCI compliant. There have been major fines in the past for this, so watch this space to see if Air Canada gets any blowback.

What do you think? Should these companies get in trouble for their data collection practices on iOS? Let us know down below in the comments or carry the discussion over to our Twitter or Facebook.

Editors’ Recommendations:

Comments
Advertisement

More in Mobile