Privacy concerns are increasing with the pace of technology, yet we cannot be sure whether the conversations, data and activities on our phones are private. A TechCrunch investigation revealed yesterday that apps using the analytics company Glassbox are not only recording users' screens as they use those apps but also putting sensitive data in danger in the process.
TechCrunch reported that many iOS apps, including Expedia, Hotels.com and Abercrombie & Fitch, are collecting information on what users are doing on their phones using Glassbox's "session replay" technology.
The technology lets developers learn about potential issues users may be experiencing within their apps by recording the screen at a granular level. However, because the information contained in session replays is not masked properly, it can be obtained by bad actors.
According to a researcher known as App Analyst, the Air Canada app, which uses Glassbox for analytics, was capturing passwords and other sensitive user data while failing to redact it effectively.
However, not all of the apps were leaking masked data, and none of the apps mentioned above told users that they were recording their screens.
It could be a bigger problem if Glassbox customers are not properly masking the data, the researcher said in an email. The data is often sent back to Glassbox servers, and it is no surprise that Glassbox is aware of this information and is collecting sensitive banking information and passwords, he said.
TechCrunch also approached Glassbox and is waiting for its comment on the story. The Air Canada mobile app implicitly acknowledges that various fields in the app will contain sensitive information and that this data should not be captured in screenshots. In practice, though, if the systems sometimes fail, sensitive information including passwords and payment data can be captured in screen recordings, which is a serious security issue. According to 9to5Mac, Glassbox has been working in the sector for many years, and Apple should get tougher on these types of service providers.
Service providers similar to Glassbox include Appsee and UXCam. These companies provide useful services that let app makers capture data to fine-tune their products, but that does not entitle app makers to conceal from users that their screens are being captured without their consent, especially when the captured data is not safe.