Several popular iPhone apps have been caught recording users’ screens despite never asking for permission, TechCrunch reports.
Companies including Abercrombie & Fitch, Air Canada, Expedia, Hollister, Hotels.com, and Singapore Airlines were found to be gathering screen data while never mentioning the capability in their privacy policies.
Some of the apps were even collecting and inadvertently exposing sensitive customer information in the process, such as data regarding passports, credit cards, and even passwords.
According to TechCrunch’s Zack Whittaker, many of the apps rely on Glassbox, a customer service analytics company. Glassbox utilizes “session replay” technology, which lets app developers record and play back screen activity for troubleshooting purposes.
A mobile device expert known as the App Analyst explained how data captured by the apps often failed to conceal private information. In the case of Air Canada, the expert found the app wasn’t masking replays from users’ screens.
“This gives Air Canada employees—and anyone else capable of accessing the screenshot database—to see unencrypted credit card and password information,” the App Analyst said told TechCrunch.
After examining the apps that relied on Glassbox, the mobile expert warned of the potential for similar data exposure.
“Since this data is often sent back to Glassbox servers I wouldn’t be shocked if they have already had instances of them capturing sensitive banking information and passwords,” the App Analyst added.
When asked by TechCrunch why their privacy policies failed to mention the screen-grabbing feature, each company responded with vague answers. The App Analyst argues that users can’t make decisions about their data if they aren’t properly informed.
- The best free password managers
- What’s the most secure operating system?
- How to encrypt an iPhone in seconds