Some iOS apps track every tap or swipe you make

Adjust Comment Print

Glassbox is one of the analytics companies that deploy session replaying technology into apps of its customers, which allows developers to see how its users interacted with the app in order to make improvements.

The session replay technology enables app developers to record users' every single tap, keyboard entry, button push, etc. In other words, personal info, such as passport numbers and credit card information, of its app's users are inadvertently exposed to the company's employees and anyone else who have access to the playback data collected.

Apps such as Expedia,, Abercrombie and Fitch and several airline apps record what's happening on screen - and send it over the internet.

Earlier this week, it was discovered that a number of popular iOS apps use an SDK developed by Glassbox and which powers a feature called session replay to record the activity happening on the screen. "The move comes after a TechCrunch report showed that many apps do not disclose such activity to users at all, and some sensitive user data has been compromised through screen recordings".

While all of the companies that Techcrunch spoke to said the data they collect is in accordance with their privacy policies, none of the apps explicitly said they collected on-screen activity in this way.

Apps that are submitted to Apple's App Store must have a privacy policy, but none of the apps we reviewed make it clear in their policies that they record a user's screen.

Aston Martin To Showcase Lagonda All-Terrain Concept At Geneva Motor Show
The Lagonda all-terrain concept will be based on the Lagonda Vision Concept that was showcased at last year's Geneva Show. It also allows Aston to develop electric cars while keeping its high-performance gasoline cars separate.

Ubisoft address The Division 2's private beta bugs
For PC, you will receive an email on February 6, and the Private Beta will be available in your Uplay client. And again, Ubisoft says these and other issues will be fixed ahead of The Division 2's release on March 15.

Bodycam video shows Florida man dancing during sobriety test
According to an arrest report, Christopher Larson forgot to put the truck in park when he unlocked the door and began to get out. At one point in the tests, Larson was instructed to walk heel-to-toe across a piece of tape stretched out on the ground.

Apple gave the developer in question less than one day to remove the code and resubmit their app or the app would be removed from the app store, the email said. However, while engaging in such activity without keeping the user in the loop is no doubt a violation of user's privacy rights, what is further detrimental is the manner such info is often recorded without proper masking of user data.

In other words, even if an app is trying to record everything it can, it can only record the swipes, taps, and data you enter within that app. The companies using the software included retail outlets, airlines, banks, travel sites and hoteliers.

"Glassbox and its customers are not interested in "spying" on consumers", Glassbox told The Verge in a statement. But it's not the only app to gather information about what users are up to, and to feed this back to developers.

It's unclear, however, if Google will follow in the footsteps of Apple and ban any apps that use it. "On select Expedia Group brands native applications for Android, Glassbox exists from a prior proof of concept in the codebase but it has been disabled for some time and has not been actively capturing information".

Ambercrombie (sister company of Hollister) confirmed that Glassbox "helps support a seamless shopping experience, enabling us to identify and address any issues customers might encounter in their digital experience". This security lapse means if the company's servers are compromised, screenshots can harvest tonnes of user data. Intrusive iOS Apps According to an investigation carried out by TechCrunch, the culprit in this case is Glassbox.