Another big security and privacy article from TechCrunch. This time, Zack Whittaker has written about several iOS apps that are secretly recording the screen without permission:
Apps like Abercrombie & Fitch, Hotels.com and Singapore Airlines also use Glassbox, a customer experience analytics firm, one of a handful of companies that allows developers to embed “session replay” technology into their apps. These session replays let app developers record the screen and play them back to see how its users interacted with the app to figure out if something didn’t work or if there was an error. Every tap, button push and keyboard entry is recorded — effectively screenshotted — and sent back to the app developers.
I’m not sure I quite understand how this is possible on iOS, but in addition to booting these titles from the App Store, Apple should work to close whatever loophole they are using.
Update: A day later, Apple has responded to this:
Apple is telling app developers to remove code that allows them to effectively record how a user interacts with their iPhone apps — or face removal from the company’s app store, TechCrunch can confirm.
In an email, an Apple spokesperson said: “Protecting user privacy is paramount in the Apple ecosystem. Our App Store Review Guidelines require that apps request explicit user consent and provide a clear visual indication when recording, logging, or otherwise making a record of user activity.”
“We have notified the developers that are in violation of these strict privacy terms and guidelines, and will take immediate action if necessary,” the spokesperson added.
Boom.