Many popular iPhone apps secretly record your screen without asking

["Dave Farber" <farber () gmail com>]

Begin forwarded message:

> From: the keyboard of geoff goodfellow <geoff () iconia com>
> Date: February 9, 2019 at 12:59:00 AM GMT+9
> To: Interesting Stuff list <is () iconia com>
> Subject: IS: Many popular iPhone apps secretly record your screen without asking
>
> And there's no way a user would know
> EXCERPT:
> Many major companies, like Air Canada, Hollister and Expedia, are recording every tap and swipe you make on their 
> iPhone apps. In most cases you won’t even realize it. And they don’t need to ask for permission.
> You can assume that most apps are collecting data on you. Some even monetize your data without your knowledge. But 
> TechCrunch has found several popular iPhone apps, from hoteliers, travel sites, airlines, cell phone carriers, banks 
> and financiers, that don’t ask or make it clear — if at all — that they know exactly how you’re using their apps.
>
> Worse, even though these apps are meant to mask certain fields, some inadvertently expose sensitive data.
>
> Apps like Abercrombie & Fitch, Hotels.com and Singapore Airlines also use Glassbox, a customer experience analytics 
> firm, one of a handful of companies that allows developers to embed “session replay” technology into their apps. 
> These session replays let app developers record the screen and play them back to see how its users interacted with 
> the app to figure out if something didn’t work or if there was an error. Every tap, button push and keyboard entry is 
> recorded — effectively screenshotted — and sent back to the app developers.
>
> Or, as Glassbox said in a recent tweet: “Imagine if your website or mobile app could see exactly what your customers 
> do in real time, and why they did it?”
>
> The App Analyst, a mobile expert who writes about his analyses of popular apps on his eponymous blog, recently found 
> Air Canada’s iPhone app wasn’t properly masking the session replays when they were sent, exposing passport numbers 
> and credit card data in each replay session. Just weeks earlier, Air Canada said its app had a data breach, exposing 
> 20,000 profiles.
>
> “This lets Air Canada employees — and anyone else capable of accessing the screenshot database — see unencrypted 
> credit card and password information,” he told TechCrunch...
>
> [...]
> https://techcrunch.com/2019/02/06/iphone-session-replay-screenshots/
>
> -- 
> Geoff.Goodfellow () iconia com
> living as The Truth is True
> http://geoff.livejournal.com  



-------------------------------------------
Archives: https://www.listbox.com/member/archive/247/=now
Modify Your Subscription: https://www.listbox.com/member/?member_id=18849915
Unsubscribe Now: 
https://www.listbox.com/unsubscribe/?member_id=18849915&id_secret=18849915-a538de84&post_id=20190208114757:479CB7BE-2BC1-11E9-955F-E2B664C12F1A
Powered by Listbox: https://www.listbox.com