Apple has a significant role on data privacy when compared to its competitors. But, recent developments have stated otherwise that some of the popular iPhone apps record the way you interact with their apps. This may include using technology to record your taps and swipes when you’re in the app. The collected data is then forwarded to the app developers who then utilise this knowledge to make their app experience better.
The popular apps, in question, include major company apps like Air Canada, Hollister and Expedia. Despite all the special permissions and restrictions present in Apple devices to prevent such privacy breaches, these apps are able to bypass all because of one firm – Glassbox.
Glassbox is a customer experience analytics firm which uses technology to bypass the privacy protection of various devices and forward the information to their respective clients. If they are able to bypass the stringent privacy laws of Apple, they must be really good at their jobs.
The overall activities of the users of those apps are recorded through a technology called “screen replay“. This technology allows the recording of the screen every time the app is interacted with. Therefore, whenever the user taps or swipes in-app, the app takes a screenshot of it, without permission, and stores it. The data is sent back either to the Glassbox cloud or one of the servers of their clients.
Whenever there is a privacy breach, there are bound to be a ton of problems, either potential ones or some which have already occurred. In this case, some of the sensitive data involved also include screenshots of decrypted card numbers along with other information. Therefore, these app developers may be having access to your sensitive financial information without you having any knowledge about it.
Some apps claim to mask the sensitive data, such as card numbers, to prevent misuse. But there must be a lot of incidents where the data isn’t properly masked, making the user vulnerable.
Coincidentally, this is exactly how these privacy breaches were revealed. It all began when the App Analyst found out that the iPhone app of Air Canada wasn’t properly masking the session replays while sending them to the developers. Due to this, the sensitive financial information stood exposed. After a lot more digging, several other apps came up who used GlassBox to record user activities. What’s even more infuriating is the fact that none of these apps took any permission for such screen recordings in their privacy policies. The only defence that apps like those of Expedia and Hotels.com had was that they claimed the recorded data to be obfuscated. Thus, they were claiming that they were doing everything they could to prevent their data from being misused. This is after the fact that they themselves were misusing the user’s data. Irony abounds.
Despite Apple CEO Tim Cook bashing the privacy policies of rivals like Google, his company isn’t much better off either. This is not the first time that iPhone apps have been misusing data from its users. It was only in September last year that several popular iPhone apps were caught sending user location data to monetization firms. If this trend continues, Apple might find itself on the receiving end of a fine like Google did, not to mention a large amount of bad PR for the company. Considering how the current global climate is regarding privacy right now, it will be foolish of them to not take such a matter more seriously.
See What’s Next in Tech With the Fast Forward Newsletter
Tweets From @varindiamag
Nothing to see here - yet
When they Tweet, their Tweets will show up here.
