default logo

Some airlines and hotel booking apps on iOS found user screens checking in – report

Apps don’t ask permission to make screen recordings, prompting Apple to take action

MANILA, Philippines – Some iOS apps have been discovered to record user screens, which are then sent back to the third-party company server, TechCrunch reported.

Recordings are made to see user behavior in a certain application. An app, for example, records what a user swipes or taps when using the app.

Some of the entities whose apps have been found to engage in screen recording include Air Canada, Hollister, Expedia, Abercrombie & Fitch, Hotels.com, and Singapore Airlines. These companies work with Glassbox, a company specializing in screen data analysis.

While screen data analysis may seem like a legitimate, albeit scary, area in analyzing data with several other companies in the mix such as Appsee and UXCam, TechCrunch has uncovered pressing issues that violate the emerging rules. data privacy.

In its investigation with its partner App Analyst, TechCrunch found that none of the apps they tested explicitly requested user permission with regards to screen recording permissions or did not. nothing in their privacy policies that points to registration activities.

The apps didn’t say they were recording the screen.

Another problem: the records reveal sensitive data. Companies, including Glassbox, promise their recordings are encrypted and automatically hide sensitive data, including keystrokes. But it’s a little hard to trust right now as records analyzed by App Analyst showed that extremely sensitive data like credit card information and passport information was not being properly masked.

Apple’s reaction

A day after TechCrunch’s report, Apple cracked down on said apps.

The company has asked developers and companies to either remove registration code from their apps or properly disclose to users that their screens will be registered. Failure to do so would merit removal from the App Store.

In Apple’s email to developers, it says, “Your app uses analytics software to collect and send user or device data to a third party without the user’s consent. Applications should seek explicit user consent and provide a clear visual indication when recording, logging or other recording user activity.

Developers had less than a day to fix their apps, TechCrunch said.

Apple is known to have strict policies on data privacy and enforcement, recently removing Google and Facebook apps that used an exclusive, company-level certificate that allowed them to collect consumer data. Rappler.com