Some of Your iOS Apps Have Been Recording Your Screen Without Permission

Apple might claim not to be spying on you, but the same cannot be said for a bunch of favourite apps found in the App Store. Whether we like it or not, almost everything we do online retrieves data for analytical purposes.


with existing privacy legislation like the GDPR, we are supposed to have a consent to this data retrieval, be made aware that it’s happening and other things like knowing where our data is stored and transferred safely.

So what happened when your data is recorded without your consent? That is what appears to be happening with the group of favourite apps that are found in the App Store, and this was investigated by TechCrunch. These apps record every single thing on your screen while you use the app, from the touches to passwords. Sometimes, they don’t even ask for permission to do so, and this is a clear violation of privacy laws. The companies involved? Some big names like Air Canada, Hollister, Expedia and

Tech from Glassbox was used in the apps to record “session replays”

TechCrunch dissected these apps with the help from App Analyst, an analytical company which specialises in data collection. They found out that tech from Glassbox was used in the apps, which can create “session replays,” or everything you have done during the time of usage — ever seen a screencast? Yeah, this goes way beyond that. Also, it records things like passwords, credit card numbers, and other types of sensitive data.

Even worse, the analysis showed that Air Canada’s app also sent those credit card details across the internet without encryption. Any hacker who wanted to skim cards could quickly grab the data as it went past, perhaps with a fake Wi-Fi hotspot. TechCrunch says that none of these favourite apps warns its users that their actions are being recorded in this way, and it is not mentioned in the privacy policies of the companies.

Glassbox is proud of its tech

While the companies using this technology might be hiding, Glassbox itself is not. They are proud of their capabilities, stating that “Imagine if your mobile app or website could see exactly what your users do in real time, and why they did it? This is no longer a hypothetical question but a reality.”

That boasting is likely to get Glassbox in hot water with EU regulators at some point in the future, along with all of its clients. While the data collection is not likely to be illegal, the lack of transparency and consent is. There is also the issue of credit card details flying around the internet unencrypted, which is not PCI compliant. There have been significant fines in the past for this kind of blow out, so watch out for this space to see if Air Canada gets any sanction or fines.

Do you think these companies should get into trouble for their data collection practices on iOS? What do you think about all of these? Share your thoughts with us by using the comments section below.


Questions? Suggestions? Leave them below...

Notify of