According to a TechCrunch report, several popular iPhone apps, including hotels and travel sites and retailers, not only know what you’re doing with their apps but they could even expose sensitive data.
The technology news site discovered that apps including Hotels.com, Air Canada, Singapore Airlines, Expedia, Hollister and Abercrombie & Fitch use Glassbox, a customer experience analytics firm that allows developers to embed so-called “session replay” technology into their apps. Developers can then record users’ screens and play them back to see how people used the app.
“Every tap, button push and keyboard entry is recorded — effectively screenshotted — and sent back to the app developers,” TechCrunch reports.
The technology news site asked mobile expert The App Analyst to examine apps that Glassbox listed as customers and see what data was leaving the iPhone.
“Since this data is often sent back to Glassbox servers I wouldn’t be shocked if they have already had instances of them capturing sensitive banking information and passwords,” he told TechCrunch.
TechCrunch reports that it would have to analyze all the data for each app to know for sure if an app is recording a user’s screens.
The App Analyst told TechCrunch that while Abercrombie & Fitch sent its session replays to Glassbox, others such as Hotels.com captured the session replay data and sent it back to their own servers. Although he reportedly said the data was “obfuscated,” he did see email addresses and postal codes in a few instances. Air Canada’s iPhone app was not properly masking the session replays, however, exposing passport numbers and credit card data, according to The App Analyst.
TechCrunch asked each company where in their privacy policies it allows them to capture what users do on their phones.
“Air Canada uses customer provided information to ensure we can support their travel needs and to ensure we can resolve any issues that may affect their trips,” said a spokesperson.” This includes user information entered in, and collected on, the Air Canada mobile app. However, Air Canada does not—and cannot—capture phone screens outside of the Air Canada app.”
The other companies did not respond to requests for comment from the tech news site.
“I think users should take an active role in how they share their data, and the first step to this is having companies be forthright in sharing how they collect their users data and who they share it with,” said The App Analyst.
Fox News reached out to Apple, Glassbox, Air Canada, Hotels.com, Abercrombie & Fitch and Expedia with a request for comment on the story.