Many popular iPhone travel, hotel, airline and retail apps are violating Apple’s rules by secretly recording every single tap and swipe users make without their knowledge or consent.
The startling revelation was made in a TechCrunch report which describes how the customer analytics firm Glassbox gives leeway to its customers – including major companies like Expedia, Abercrombie & Fitch, Air Canada, Hotels.com, and Singapore Airlines – to record users’ on-screen activity and use those recordings for product improvements.
Activities are screenshotted and sent to app developers every time a user types on a keyboard, taps on the screen, or pushes a button within a specific app. The recordings are allegedly only activated when a user is inside an app which uses the Glassbox technology, and not when the user is going about other business on their iPhones.
However, the practice raises serious questions because none of Glassbox’s aforementioned customers make mention of screen recording in their privacy policies or iOS terms and conditions.
Furthermore, the TechCrunch report also mentions what happens when a user enters their personal information such as credit card or passport number into an app.
The report discovered how Glassbox is supposed to obfuscate this information, but fails to do so most of the time leaving sensitive customer data vulnerable to data breaches.
Interestingly, Apple has not given third-party developers the permission to record screen activities of users on iPhone. Which is why in 2017, many users were shocked to learn that Uber was granted special permissions by Apple to record their screen behaviour as well as access personal information without their consent.
While it may not come across as surprising that many companies collect data or personal information, it does highlight how large corporations exploit the lack of understanding most mobile users have around data collection, privacy, and app analytics.