IOS apps are secretly recording screens without permission [atualizado: Apple responde]

If the sense of security of the users of the iOS decreased after Ma's mobile system apps stole and monetized its customers' data, now the situation has worsened: many apps have recorded (and recorded) everything users do on the device's screen without permission, as reported. TechCrunch.

Most of the time, this software belongs to big American companies, like Abercrombie & Fitch, Hotels, Expedia, Hollister, among others. By analyzing how these apps were able to record the screen of iOS devices, TechCrunch noticed that everyone used the Israeli services Glassboxis a customer experience analysis company.

Glassbox explicitly discloses that its invasive customer experience analysis method involves screen shots of its customers' apps. O session replay, as called, sends the logs to the Glassbox server, which then analyzes them to see how users interact with certain applications.

According to the Analyst App, a company specializing in digital security, not all apps using the Glassbox software development kit reveal users' personal data (most of the time, that information is automatically overshadowed). However, there are cases where customers' home addresses and email addresses are visible.

In the case of the app Air Canada (the largest airline in the country) this is even worse, as pointed out by App Analyst. This is because the company does not mask personal information entered by users, such as passport numbers and credit card information, so employees who have access to the footage can view this data as often as they like. 😳

<img data-attachment-id = "655931" data-permalink = "https://.uol.br/post/2019/02/07/apps-para-ios-estao-secretarily-wrapping-tables- no-permission / 07-screenshot-air-canada / "data-orig-file =" https://.uol/wp-content/uploads/2019/02/07-captura- de-tela-air-canada.png "data-orig-size =" 1400,965 "data-comments-opened =" 1 "data-image-meta =" {"aperture": "0", "credit": "", "camera": "", "caption": "", "created_timestamp": "0", "copyright": "", "focal_length": "0", "iso": "0", "shutter_speed ":" 0 "," title ":" "," orientation ":" 0 "}" data-image-title = "User data registered by the Air Canada app" data-image-description = "

https://techcrunch/2019/02/06/iphone-session-replay-screenshots/

"data-medium-file =" https://.uol/wp-content/uploads/2019/02/07-captura-de-tela-air-canada-600×414.png "data-large- file = "https://.uol/wp-content/uploads/2019/02/07-capture-of-screen-air-canada-1260×869.png" src = "https: // . uol.br/wp-content/uploads/2019/02/07-captura-de-tela-air-canada.png "alt =" User data registered by the Air Canada app "width =" 1400 "height =" 965 "class =" alignnone size-full wp-image-655931 "style =" width: auto; max-height: 700px; "srcset =" https://.uol.br/wp-content/uploads/2019/02/07-captura-de-tela-air-canada.png 1400w, https: / /.uol.br/wp-content/uploads/2019/02/07-captura-de-tela-air-canada-300×207.png 300w, https://.uol.br/wp- content / uploads / 2019/02/07-screenshot-air-canada-600×414.png 600w, https://.uol/wp-content/uploads/2019/02/07-captura canada-screen-air-canada-1260×869.png 1260w, https://.uol/wp-content/uploads/2019/02/07-capture-of-screen-air-canada-230×160. png 230w "sizes =" (max-width: 1400px) 100vw, 1400px "/>

Since this data is often sent back to Glassbox's servers, I wouldn't be shocked if they had already captured sensitive bank information and passwords.

As the TechCrunch He pointed out, all apps have a privacy policy but none of them make it clear that the device screen will be recorded during use (you know there all the time, too). Among the companies mentioned, only Abercrombie and Air Canada explained the use of session replayby stating that the Glassbox feature helps support a seamless shopping experience, allowing you to identify and resolve any issues customers may encounter in their digital experience.

Glassbox, in turn, has stated that it does not require special permission from Apple or the user to record the screen; that is, without checking the information of a software, there is no way to know if it is actually capturing the information from your screen. In general, this practice is performed by many developers not only on iOS, but on the web and other mobile platforms.

Regardless, the fact that this is a form of privacy breach and Apple still needs to limit (or suppress) the use of such features. So don't be surprised if Ma takes any action to that effect in the coming days, given the repercussion of the case.

Update by Rafael Fischmann 02/07/2019 s 20:05

Apple quickly responded politically. In an email sent to TechCrunch, a spokesman stated:

Protect the privacy of priority users in the Apple ecosystem. Our App Store Review Guide requires apps to request explicit user consent and provide a clear visual indication when recording, recording, or storing any type of user activity.

We notify developers that they are violating these strict privacy terms and rules, and will take immediate action if necessary.

Apple has given developers 24 hours to remove these codes from their apps and send them updates, otherwise they will be removed from the App Store.