Earlier this week, TechCrunch discovered that multiple iPhone apps from some large companies are reportedly using “session replay” software from a company called Glassbox to record users’ actions without their consent.
Apps from Expedia, Air Canada, Abercrombie & Fitch, Hotels.com, Hollister and Singapore Airlines are all among the companies mentioned in the TechCrunch report, which was released on Wednesday (Feb. 6th).
The report states that Glassbox’s session replay technology allows app developers to record every single screen tap and swipe users make while interacting with their apps.
Screen recording code
However, on Thursday (Feb. 7th), Apple informed app developers that this kind of screen recording analytics code needs to be clearly disclosed to customers or removed from the iOS App Store.
“Protecting user privacy is paramount in the Apple ecosystem,” Apple said, according to TechCrunch. “Our App Store Review Guidelines require that apps request explicit user consent and provide a clear visual indication when recording, logging, or otherwise making a record of user activity.
“We have notified the developers that are in violation of these strict privacy terms and guidelines, and will take immediate action if necessary.”
According to the report, one developer was told by Apple to remove the code that recorded its users’ app activities.
In an email sent to a developer, Apple said: “Your app uses analytics software to collect and send user or device data to a third party without the user’s consent. Apps must request explicit user consent and provide a clear visual indication when recording, logging, or otherwise making a record of user activity.”
Apple gave the developer in question less than one day to remove the code and resubmit their app, or the app would be removed from the App Store, the email said.
Data is “highly secured and encrypted”
In response to the TechCrunch report, Glassbox released a statement, denying that its clients are “spying” on consumers, saying that it “provides its customers with the tools to mask every element of personal data”.
In addition, the company said it doesn’t share information with third parties and that all the data it collects is “highly secured and encrypted”.
Ilia Kolochenko, CEO of web security company High-Tech Bridge, said: “In many countries, such deceptive practices are unlawful and may trigger harsh legal ramifications, from individual lawsuits and class actions to regulatory financial penalties.
“However, in many cases, the app users are not completely blameless – many don’t even bother reading apps’ terms of usage and blindly grant any permissions requested by the app.”