- A number of iPhone apps were discovered to be using session replay to track the screen activity of users.
- Session replay allows app developers to retrace user activity on their devices to identify problems and bugs in apps.
- The technology has been mishandled in the past, with Air Canada leaking private information of 20,000 individuals.

A number of high-profile apps like Expedia, Air Hollister, and Air Canada were caught recording screen data of iPhone users. A number of these apps collect data without any user consent, and the data eventually gets monetized. These apps use “session replay” technology to record all of your screen activity, including swipes and gestures. The recordings are then replayed to check for errors and bugs in the respective apps.
There have been instances of companies not masking session replay data. Air Canada has been guilty of leaking 20,000 user profiles of iPhone users that included credit card data and passport numbers. Mobile expert “The App Analyst” was able to intercept data from a number of popular apps and found that the apps obfuscate their data. However, not all of the apps implement obfuscation properly, and data like email addresses and postal codes of users were visible.
Apps like Expedia and Air Canada do not explicitly tell their iPhone app users that their screen data is recorded. When TechCrunch asked where in the terms of service the data collection practices are mentioned, Abercrombie responded that Glassbox “helps support a seamless shopping experience, enabling us to identify and address any issues customers might encounter in their digital experience.”
Session replay is an analytics tool developed by Glassbox, and its SDK allows app developers to implement the feature in their apps. Glassbox explained how the feature works in response to The App Analyst’s findings. The company stated that session replay is limited to the individual iPhone app itself, and that system functions like the keyboard and other overlays cannot be screen recorded.
Air Canada defended its stance, stating that the feature is in place to support customers’ travel needs and to resolve issues of the iPhone app users as quickly as possible. Singapore Airlines mentioned that their data collection policies are stated in their terms of service, but there was no proof to be seen.