According to a report by TechCrunch and The App Analyst found a number of iOS applications that record user screens without permission.
The apps mentioned, including Air Canada, Abercrombie & Fitch, Expedia, Hotels.com and others used analytics software from a company called Glassbox that embeds “session replay” tech to show them exactly what users are doing. These tools capture screenshots and user interactions, including on-screen taps and in some cases keyboard entries, which are sent back to app developers or Glassbox servers for further examination.
The App Analyst showed how this happens in Air Canada’s app, where it could screenshot credit card info and user passwords.
Though not as polished as the video-enabled screen recording function built into iOS 12, session replay technology effectively screenshots an app’s user interface at key moments to determine whether it is functioning as designed, the report said.
“Glassbox has a unique capability to reconstruct the mobile application view in a visual format, which is another view of analytics, Glassbox SDK can interact with our customers native app only and technically cannot break the boundary of the app,” a Glassbox spokesperson told the publication. More specifically, when a keyboard overlay appears above the native app, “Glassbox does not have access to it.”
Glassbox customers include big-name corporations like Abercrombie & Fitch and sister brand Hollister, Hotels.com, Expedia, Air Canada and Singapore Airlines.