Popular iPhone Apps Found to be Recording Users Screen Without Permission

In an age where our privacy has essentially become a worthless modicum of what it once was, a new investigation conducted by TechCrunch affirms this very notion. The investigation revealed that apps using an analytics company, called Glassbox, were recording and storing data, while potentially compromising sensitive data.

Several popular phone applications were found to be using this privacy-threatening company, including Hotels.com, Expedia, Abercrombie & Fitch, and others in the banking, airlines, and cell phone carrier industries. The apps, as reported by TechCrunch, were using what’s called “session replay” technology. This process allows developers to search for potential issues the user may experience while using the app, giving them the ability to record the users screen.

A researcher, known as the App Analyst, showed the process in a video in which sensitive data, like passwords and credit card numbers, were at risk. In a screenshot taken using the Air Canada app, the App Analyst was able to display how the app uses Glassbox to glean users data without using proper measures to protect sensitive information. These screenshots in the video above show how the app uses black redaction over the text to obscure private information. This, however, is proven to be ineffective, as data collected by Glassbox shows the sensitive information in plain sight, without black bar redaction.

A spokesperson for Air Canada responded to TechCrunch, stating, “Air Canada uses customer provided information to ensure we can support their travel needs and to ensure we can resolve any issues that may affect their trips. This includes user information entered in, and collected on, the Air Canada mobile app. However, Air Canada does not—and cannot—capture phone screens outside of the Air Canada app.”

The technology used by companies like Glassbox may be useful to app developers who want to make their product best suited for its users, but the fact is, it jeopardizes users’ data in the process.