• The DigitalBank Vault

iPhone Apps secretly record your screen without asking



Many major companies, like Air Canada, Hollister and Expedia, are recording every tap and swipe you make on their iPhone apps. In most cases you won’t even realize it. And they don’t need to ask for permission.


You can assume that most apps are collecting data on you. Some even monetize your data without your knowledge. But TechCrunch has found several popular iPhone apps, from hoteliers, travel sites, airlines, cell phone carriers, banks and financiers, that don’t ask or make it clear — if at all — that they know exactly how you’re using their apps.


Worse, even though these apps are meant to mask certain fields, some inadvertently expose sensitive data.


Apps like Abercrombie & Fitch, Hotels.com and Singapore Airlines also use Glassbox, a customer experience analytics firm, one of a handful of companies that allow developers to embed “session replay” technology into their apps. These session replays let app developers record the screen and play it back to see how users interacted with the app, to figure out if something didn’t work or if there was an error. Every tap, button push and keyboard entry is recorded — effectively screenshotted — and sent back to the app developers.



Or, as Glassbox said in a recent tweet: “Imagine if your website or mobile app could see exactly what your customers do in real time, and why they did it?”


The App Analyst, a mobile expert who writes about his analyses of popular apps on his eponymous blog, recently found Air Canada’s iPhone app wasn’t properly masking the session replays when they were sent, exposing passport numbers and credit card data in each replay session. Just weeks earlier, Air Canada said its app had a data breach, exposing 20,000 profiles.


Apps that are submitted to Apple’s App Store must have a privacy policy, but none of the apps we reviewed make it clear in their policies that they record a user’s screen. Glassbox doesn’t require any special permission from Apple or from the user, so there’s no way a user would know.


Expedia’s policy makes no mention of recording your screen, nor does Hotels.com’s policy. And in Air Canada’s case, we couldn’t spot a single line in its iOS terms and conditions or privacy policy that suggests the iPhone app sends screen data back to the airline. And in Singapore Airlines’ privacy policy, there’s no mention, either.


We asked all of the companies to point us to exactly where in their privacy policies they permit each app to capture what a user does on their phone.


Abercrombie responded, confirming that Glassbox “helps support a seamless shopping experience, enabling us to identify and address any issues customers might encounter in their digital experience.” The spokesperson pointed to Abercrombie’s privacy policy, which makes no mention of session replays; neither does its sister brand Hollister’s policy.


After this story was published, Air Canada responded: “Air Canada uses customer provided information to ensure we can support their travel needs and to ensure we can resolve any issues that may affect their trips,” said a spokesperson. “This includes user information entered in, and collected on, the Air Canada mobile app. However, Air Canada does not—and cannot—capture phone screens outside of the Air Canada app.”


Later, Singapore Airlines emailed back, saying the data it collects is “in accordance with our privacy policy which includes the use of customer data for testing and troubleshooting issues,” and is “specified under Clause 3 of our privacy policy.” We checked again, but found nothing of the sort.



