Apple has vowed to remove iOS apps that record screen data.
User data recording has become an issue of concern among the cyber-security community as the data is used to launch a variety of scams, identify customer demographics, and targeted marketing gimmicks. Mobile phone manufacturers are trying to ensure that apps that indulge in sneaky espionages are prevented from entering their official stores.
Staying true to its reputation, Apple has announced to ban those apps that perform screen recording discreetly. Moreover, Apple has instructed developers to ask for the consent of users or inform them if their apps record user screen data if it isn’t possible to entirely remove the code. In case some apps continue to secretly record screen data, Apple will ban them from the App Store.
TechCrunch along with the App Analyst reported that many prominent applications available on Apple’s App Store such as Abercrombie and Fitch, Air Canada, Expedia, Hollister, Hotels.com, and Singapore Airlines, etc., use session replay technology. This technology is provided by renowned data analytics firm Glassbox and the purpose of the technology is to record user’s screen data while the app is in use.
It is a common practice that companies utilize third-party analytics data to understand customer preferences, but this practice involves recording everything that a person does while using the app. This includes recording the taps, swipe, and text that the user inputs.
The world’s most valuable resource is no longer oil, but data, The Economist.
The problem is that this happens without the knowledge or consent of the user. The app also captures screenshots and transfers it to the third-party server connected with the app and many times the information includes sensitive personal data like passwords, credit card numbers, and phone number. It is worth noting that the Glassbox session replays are basically real-time videos of the way the user interacts with the app.
Some apps, explains the App Analyst, like Air Canada, don’t even properly hide the replays while transferring data to Glassbox’s or other third-party’s servers and this poses a great risk for the customer. The app was found to be sending out sensitive information like passport number and credit card number while Air Canada has recently confirmed that it was affected with a data breach exposing nearly 2,000 customer profiles.
Although TechCrunch claims that not all the apps are leaking data but none of them inform users about their capability of capturing screenshots or recording screen data. According to Glassbox, its SDK cannot “technically break the boundary of the app.”
Apple is not in any way involved in this kind of data collection because it is just the way some apps have been designed to ensure improved user experience. Most of the apps that perform such creepy tactics are hotels, airlines, banks, carriers, and travel sites related apps.
This, however, is not the first time that iOS apps have been found secretly recording your activities. In 2017, Google engineer Felix Krause discovered that any rogue app on the iPhone could use the device’s camera to spy on the user secretly. It can do it by abusing the permission by default and use both front and rear cameras for malicious purposes.