Several popular iPhone apps have been caught recording users' screens despite never asking for permission, TechCrunch reports. The latter employ Glassbox - a platform is created to capture, record, analyze, and replay digital sessions with customers - via their apps.
Many companies have been reported to "digitally stalk" users, without their permission, collecting data and in some cases monetizing it.
Specific apps such as the aforementioned Singapore Airlines and Hotels.com have apparently been collecting user data through the hiring of a data analytics firm known as Glassbox. This technology allows every tap, button push, and keyboard entry to be recorded and sent back to the app developments. They could also use this data in aggregate to see how people are using the app and which features they're using.
This is worrying, because some of these apps contain fields where users must input sensitive information such as passport and credit card numbers, along with other types of personal information.More news: The 2019 Mazda MX-5 Miata 30th Anniversary Edition in Photos
More news: Pet Sematary Trailer 2: Sometimes Dead Is Better
More news: Trump tipped to ban Chinese telecom equipment ahead of MWC
App Analyst looked at several apps with Glassbox software built in for TechCrunch, and found that apps such as Air Canada might be sending private data, unencrypted. This is supposed to help developers address user experience issues to improve, but it also gives them a tremendous amount of user data.
According to Tech Crunch, apps from carriers, airlines, travel sites, banks and others don't tell you that they are doing this.
Hotel.com's policy does not mention recording users' screens, nor does Expedia's. The Cupertino giant has responded to this report by demanding that developers disclose the use of this technology in their apps.
Since the reports were published, an Air Canada spokesperson has told TechCrunch that it uses "customer provided information to ensure we can support their travel needs and to ensure we can resolve any issues that may affect their trips".
In some cases, the session replays were sent to Glassbox, while in other cases it was sent back to company's own servers.
Such data collection isn't necessarily unusual providing the user has consented to it and the company collecting it puts in the effort to anonymise or obfuscate sensitive data that might be collected in the process. Finally, Glassbox says it provides its customers with "with the ability to mask every piece of data entered by a consumer, restrict access to authorized users, and maintain a full audit log of every user accessing the system".