App developers deploy session replaying to see how you interact with their apps, a report claims
A bunch of popular iOS apps may be recording every move you make on their app. These apps have been found to literally record your iPhone screen, without asking for your permission or notifying you about it. According to TechCrunch, several popular iOS apps use Glassbox, an analytics company, to deploy session replaying into their apps. The technology can record every action a user takes on an app, including entering sensitive financial information. None of these apps need user permission to record users' screens.
Popular iOS apps such as Air Canada and Expedia were found to be recording user actions via Glassbox analytics. TechCrunch claims it found several apps from hotels, travel websites, airlines, banks, and others that didn't clarify if they were collecting such data and what they were going to do with it.
The session replay technology enables app developers to record users' every single tap, keyboard entry, button push, etc. However, the data is captured only while a user is within the app.
Apps like Singapore Airlines and Hotels.com also use Glassbox's session replay technology in their apps. These replays allow app developers to record their users' screens and play them back to see how they interacted with the app. On the surface, it seems like a useful developer feature but not all apps were found to be masking users' data, exposing sensitive financial information.
Once a user's session is recorded on the device, it is sent back to the app developer. In the case of Air Canada's iOS app, The App Analyst - a mobile expert cited by TechCrunch - found that the company was clearly exposing passport numbers and credit card information in each session replay being sent back. This means anyone with access to these replays can access sensitive information.
Air Canada had earlier reported that its mobile app had suffered a data breach which affected 20,000 users. The breach leaked passport numbers and other sensitive data.
TechCrunch further added that none of the apps involved in capturing all this data discloses it to their users, even if they're doing it simply for analytics purposes. There may be several other apps that do the same.
While apps that are submitted to the iOS App Store need to carry a privacy policy, TechCrunch didn't find any of the apps the company reviewed mentioning screen recording in their policies. There's literally no way a user can know their screen was being recorded all this time.
App developers use tools from a number of analytics companies and Glassbox isn't the only company that offers session replaying. While collecting user data purely for creating better apps makes sense, it's also important that users are aware how much of their sensitive data could be escaping their device.
Get your daily dose of tech news, reviews, and insights, in under 80 characters on Gadgets 360 Turbo. Connect with fellow tech lovers on our Forum. Follow us on X, Facebook, WhatsApp, Threads and Google News for instant updates. Catch all the action on our YouTube channel.