According to TechCrunch, several popular iOS apps use Glassbox, an analytics company, to embed session replay technology in their apps. "Our App Store Review Guidelines require that apps request explicit user consent and provide a clear visual indication when recording, logging, or otherwise making a record of user activity".
According to TechCrunch, none of the apps that were checked told users they were recording their screens or that they were sending the information back to each company.
In a recent tweet, Glassbox boasts about signing a deal with Air Canada, one of the apps TechCrunch has found to be among the worst offenders.
"Several popular iPhone apps, from hoteliers, travel sites, airlines, cell phone carriers, banks and financiers, that don't ask or make it clear - if at all - that they know exactly how you're using their apps".
Using Glassbox's session replay technology, app makers can see every tap and swipe you make. Add the fact that the use of Glassbox analytics doesn't require any permission from the user or Apple, and you've got a perfect storm of pseudo-iPhone user snooping.
Apps like Singapore Airlines and Hotels.com also use Glassbox's session replay technology in their apps.
Not all apps using Glassbox are including these sensitive pieces of information in replays, but even those that are attempting to mask data can run into errors and leak secure content. These sessions were recorded without users being aware and without their permission, and the recording wasn't mentioned in the apps' descriptions or policies. The report also adds that apps like Air Canada and other travel websites include fields in which users enter sensitive information such as passport numbers, credit card numbers and other financial and personal information. This means anyone with access to these replays can access sensitive information. Consider that last August, Air Canada had a data breach that affected 20,000 users of its app. Under the App Store guidelines, app developers are now being told to either remove or disclose the code in their apps that screen-records users' interactions within a particular app.
Apple's response to this screen-recording controversy shows that its primary concern isn't necessarily the analytics code itself but the disclosure to users that such technology is being used.
When creating a new account, or resetting a password on the Air Canada app, the screenshots taken by the app do reveal a user's password quite clearly.
In that case, the App Analyst suggests that users take a more active role in how they share their data. The app then beams the replay back to the Glassbox servers.