Background

Screen Recording Technology Should Be Removed, Or Disclosed, Said Apple

iPhone maker Apple is telling app developers to remove, or properly disclose, their use of analytics code that lets them record how users interact with their apps.

The analytics code in question is called 'session replay'. It records practically everything users do within an app, including taking screenshots.

The problem is that many developers didn't disclose this method in their privacy policies.

"Protecting user privacy is paramount in the Apple ecosystem. Our App Store Review Guidelines require that apps request explicit user consent and provide a clear visual indication when recording, logging, or otherwise making a record of user activity," said an Apple spokesperson.

"We have notified the developers that are in violation of these strict privacy terms and guidelines, and will take immediate action if necessary."

The news follows an investigation by TechCrunch that revealed that companies like Expedia, Hollister and Hotels.com have used third-party analytics tools, like Glassbox, to record every tap and swipe inside apps.

"We found that none of the apps we tested asked the user for permission, and none of the companies said in their privacy policies that they were recording a user’s app activity," said TechCrunch.

If developers do want to do such a thing, they should at least mask some of the data to preserve users' privacy, or disclose their method clearly in their privacy policy.

Making matters worse, those apps haven't masked users' data, making sensitive details like passport and credit card numbers visible to them.

Session replay
Air Canada's app screen-records users' interactions. Although the fields are masked, the masking isn't always there (Image: The App Analyst/TechCrunch)

Glassbox is a cross-platform analytics tool that specializes in session replay technology.

It allows companies to integrate its technology into their apps to replay how users interact with them. Glassbox said that the technology can, among other things, help reduce app error rates, but the company “doesn’t enforce its customers” to mention that they use Glassbox’s screen recording tools in their privacy policies.

This is a violation of the rules of Apple, which forbids any app from covertly gathering user data without permission.

Apple gave developers that use session replay technology less than a day to remove the code and resubmit their app. Otherwise, Apple would remove the app from its App Store.

As for Google, its Google Play Store also prohibits apps from collecting user data without permission, saying that "Apps must not hide or cloak tracking behavior or attempt to mislead users about such functionality."

This news follows a previous investigation, also by TechCrunch, that revealed Facebook and Google had misused Apple-issued enterprise developer certificates to create and provide apps for users outside Apple's App Store.

Published: 08/02/2019