Some Popular iOS Apps Discovered to Secretly Record Your Screen For Analytics

Masking sensitive data sometimes failed in Air Canada session replays

Masking sensitive data sometimes failed in Air Canada session replays

Apple has investigated claims that some iOS apps secretly record your screen as you use them, telling developers that use such code that they could be removed from the App Store.

The analytics services that several popular iOS applications are now using power actions like screen recording without user knowledge, according to a recent discovery. It allows companies to integrate their screen recording technology in their apps to reproduce how the user interacts with the apps. The developer can "play back" your usage of the app, which is particularly useful if you encountered a problem.

Using Glassbox's session reply technology, app makers can see every tap and swipe you make.

First, let's make this clear: iPhone and iPad apps can't record everything you do on your phone's screen.

Many app developers use an analytics firm called Glassbox to capture this data. The technology is used to capture numerous screenshots during a user's session with the app.

Some of the other apps mentioned in the publication's report include Abercrombie & Fitch, Expedia,, Singapore Airlines and more. Although he reportedly said the data was "obfuscated", he did see email addresses and postal codes in a few instances.

As TechCrunch notes, The App Analyst recently demonstrates that Air Canada wasn't properly "masking" session replays, exposing credit card details and passport numbers to people who replayed the session. There's literally no way a user can know their screen was being recorded all this time. But there was no clarity on where in Abercrombie and Hollister's privacy policies it is mentioned of screen recording. Screenshots are sent back either directly to the company's servers or Glassbox's cloud.

Freaky First Trailer for New 'Child's Play' Movie Starring Aubrey Plaza
Instead, the remake was overseen by writer Tyler Burton Smith and Norwegian director Lars Klevberg. Though we don't get a good look at the titular doll, we do see some of his handiwork at play.

An SIA spokesperson said, "The data we collect is in accordance with our privacy policy which includes the use of customer data for testing and troubleshooting issues".

Last August, Air Canada alerted mobile users 20,000 profiles "potentially have been improperly accessed," asking all 1.7 million users to reset their passwords.

Following the widespread media coverage, Apple has told app developers to disclose the screen recording behavior in a proper manner or completely remove this functionality.

The other companies did not respond to requests for comment from the tech news site.

Most companies will say, when asked, that they're only using your data to improve your experience.

"No data collected by Glassbox customers is shared with third parties, nor enriched through other external sources". Glassbox isn't the only company offering services of this sort, and while none of them are seemingly malicious, we don't know if they're trustworthy.

Earlier, the apps tend to record the cookies, user data for the sake of analytics and monetization.

Recommended News

We are pleased to provide this opportunity to share information, experiences and observations about what's in the news.
Some of the comments may be reprinted elsewhere in the site or in the newspaper.
Thank you for taking the time to offer your thoughts.