UPDATE (08/02/2019): Apple has confirmed to the TechCrunch investigation stating their stand towards protecting users’ privacy. App developers are now being told to either remove or disclose their use of codes in their app, which screen records the users’ interaction within a particular app, under the App Store guidelines. Confirming in an email to the publication, Apple has stated that they notified the developers that are in violation of these strict privacy terms and guidelines and should take immediate action if necessary. What this means is that all the iPhone apps that are involved in screen recording without users consent would have to either remove the feature or disclose it to the users through Apple’s App Store.
Not long ago, reports were suggesting major tech giants like Facebook and Google collecting sensitive user data that include location, internet activity, app activity via several VPN apps on iPhones. Those apps were bypassing Apple’s privacy policies, and it is still speculative whether the information collected was under respective volunteered users’ consent. Despite Apple terminating the internal app certifications of those tech giants, it is still believed that few other significant apps track users data in a radically different approach.
A new report by TechCrunch revealed that notable apps belonging to airlines, hoteliers, cell phone carriers, banking and finance apps, and other travel have been collecting much more sensitive data of their users via iPhones, or you can say iOS apps. The report has stated the collected data had users interaction recorded within the respective apps that also include their gestures such as the taps and swipes. And, these were recorded as sessions without users even being unaware and without their permission, and further wasn’t mentioned in the apps’ descriptions or policies for that matter.
For instance, apps like Hotels.com and Singapore Airlines use Glassdox – a customer experience analytics firm is said to use the session replay technology into their apps, according to the report. Further, these screen recordings are sent to app developers to showcase how users have been interacting with apps via their swipe and tap inputs and keyboard types as well.
The TechCrunch report further reveals mobile experts App Analyst blog that has stated iPhone’s Air Canada app has been recording these session replays and what’s worse is that it isn’t masking those sessions that are being sent. Henceforth, passport numbers and credit card details entered during sessions have been exposed for each individual session. After testing some of the above apps mentioned, the report hints that every app wasn’t leaking this masked data, which is a relief for now.
However, this is a serious security concern for Apple, amidst its own controversial FaceTime bug that has surfaced lately, and has been temporarily fixed. Having more severe and guarded Apple’s App Store policies and specifying of such activity in the respective Apps’ policy would certainly make the consumer more aware of what they are giving away about them through these iPhone or iOS apps.