TechCrunch discovered popular iPhone apps Abercrombie & Fitch, Hollister, Expedia, Hotels.com, Singapore Airlines and Air Canada were tracking everything users were doing in their apps.
Some of the apps were using customer experience analytics firm Glassbox's "session replay" technology. Session replay allows the developers to see and record every tap, swipe and keystroke the user makes.
Glassbox is designed to mask sensitive information like credit card numbers, but not all the apps using it are masking the data fields properly. Screen recordings are sent back to app developers through Glassbox's servers. This means anyone with access to those servers could see your unmasked sensitive data.
Additionally, app developers aren't required to tell users about the surveillance or potential risks under Glassbox's policies.
"Imagine if your website or mobile app could see exactly what your customers do in real time, and why they did it?" Glassbox's bio reads on Twitter.
None of the apps that were found to be recording their users' screens said they were doing so in their privacy policies.
But when questioned about it, Abercrombie & Fitch and Singapore Airlines cited similar reasons for using Glassbox.
Both companies told TechCrunch that using session replay helped them create a better experience for users and troubleshoot errors.
Glassbox isn't the only company that provides this service or similar services.
Developers can benefit from knowing what their apps are doing well and where they can improve. However, the steps that some developers take to collect this information can feel intrusive and violate a user's privacy unless developers are clear and upfront about how they collect user data.
FOLLOW Download.com on Twitter for all the latest app news.
- Popular iOS apps Abercrombie & Fitch, Hollister, Expedia, Hotels.com, Singapore Airlines and Air Canada were tracking everything users were doing in their apps by secretly recording their screens.
- Some of the apps used Glassbox's session replay. This allows the developers to see and record every tap, swipe and keystroke the user makes, but developers aren't masking sensitive data.
- Best apps for securing Android and managing privacy settings
- How some apps are letting abusive partners track their spouses' location and phone calls
- Dozens of iOS apps caught secretly sharing your data for profit
- Microsoft Authenticator app now warns you of suspicious activity on your account
- Apple iPhones are now showing AT&T's fake '5G E' network too (CNET)
- Do-not-disturb on iPhone really sucks (and how Apple can fix it) (ZDNet)
- What can Apple do to make lightning strike again for a product? (TechRepublic)