Enter text on a keyboard, touching a button, or zoom on an application: all of these gestures are recorded without your knowledge if you use certain popular apps such as Expedia, Hotel.com or Singapore Airlines. This practice, called “session replay”, is to record what happens on your phone screen and send it to the developers of the applications so that they can “in principle” to improve their interfaces. In a survey, the media specialist TechCrunch points the finger at the analysis company in israel, Glassbox. She collaborates with many brands (Hotels.com, Expedia, Abercrombie and Fitch,…) to provide details on the data collected from their customers. In one of his tweets, Glassbox boasts even able to observe what the users do on their phone in real-time.
” READ ALSO – An Android smartphone sends ten times more data to Google than an iPhone at Apple
The practices of Glassbox represent a new infringement of the protection of the privacy of the users of iPhone. These screen recordings are in fact never mentioned in the terms of use of the targeted applications. For its part, Apple has however always been clear on one point. The company explicitly prohibits developers from collecting data that are not necessary for the functioning of the applications.
bank details and passport numbers of
Among the businesses targeted by these revelations, the case of Air Canada is even more problematic. The application of the airline, on which 1.7 million customers have created an account, gives access to sensitive information. On some screen recordings, sent to the company’s servers, black stripes supposed to hide this sensitive data disappear. It is thus possible to clearly read the card codes blue, passport numbers or passwords of the clients, making them vulnerable in the event of a potential cyber attack. As a reminder, last August, Air Canada has been a victim of hacking. At the time, 20,000 accounts customers had been affected, and all users had to change their password.
Screenshot : The App Analyst
This is not the first time that such practices are discovered. Already by the end of 2017, a computer scientist, Will Strafach, had realized that the application Uber had exceptional authorisations on the part of Apple to make screen shots of its users. The company was justified in claiming that it was only to set bugs display cards on its app for the Apple Watch.
” READ ALSO – private Life: Apple was also in need of a “mountain of data”
These different revelations come at a time when Apple has made the protection of our sensitive data a spearhead in the face of companies like Facebook or Google. The company finally responded a few hours after the investigation of TechCrunch. She hopes that the applications unpleasant to remove this feature or at a minimum have the faster of the terms of use more clear, stating precisely what collection Glassbox. “Our rules of conduct require that apps ask the user for explicit consent, and that they provide a clear, visual indication during the recording of the activity of the user,” said the firm. If these clarifications are not made, Apple wants the code that allows applications to analyze the data of its users via screen recordings to be deleted by the developers. If the applications do not make the necessary updates, the company warns that they will be excluded from its App Store.
Big Bang, Eco, Maison de la chimie in Paris, on march 27, 2019, from 9h to 17h30
” check out the 3rd edition of 2019