“Many major companies, like Air Canada, Hollister and Expedia, are recording every tap and swipe you make on their iPhone apps,” Zack Whittaker reports for TechCrunch. “In most cases you won’t even realize it. And they don’t need to ask for permission.”
“TechCrunch has found several popular iPhone apps, from hoteliers, travel sites, airlines, cell phone carriers, banks and financiers, that don’t ask or make it clear — if at all — that they know exactly how you’re using their apps,” Whittaker reports. “Worse, even though these apps are meant to mask certain fields, some inadvertently expose sensitive data.”
“Apps like Abercrombie & Fitch, Hotels.com and Singapore Airlines also use Glassbox, a customer experience analytics firm, one of a handful of companies that allows developers to embed ‘session replay’ technology into their apps. These session replays let app developers record the screen and play them back to see how its users interacted with the app to figure out if something didn’t work or if there was an error. Every tap, button push and keyboard entry is recorded — effectively screenshotted — and sent back to the app developers,” Whittaker reports. “The App Analyst, a mobile expert who writes about his analyses of popular apps on his eponymous blog, recently found Air Canada’s iPhone app wasn’t properly masking the session replays when they were sent, exposing passport numbers and credit card data in each replay session.”
Read more in the full article here.
MacDailyNews Take: If session replay, which has legitimate uses, is being used in an app, the app’s users should be clearly informed and asked for their consent.
Privacy means people know what they’re signing up for, in plain English, and repeatedly. I’m an optimist; I believe people are smart, and some people want to share more data than other people do. Ask them. Ask them every time. Make them tell you to stop asking them if they get tired of your asking them. Let them know precisely what you’re going to do with their data. — Steve Jobs