X

Some iPhone apps record your actions without permission, report says

The Air Canada, Hollister and Expedia apps are among those highlighted by TechCrunch.

Sean Keane Former Senior Writer
Sean knows far too much about Marvel, DC and Star Wars, and poured this knowledge into recaps and explainers on CNET. He also worked on breaking news, with a passion for tech, video game and culture.
Expertise Culture, Video Games, Breaking News
Sean Keane
2 min read
iphone-xs-iphone-xr-iphone-xr-max-8

Some iPhone apps are recording what you do, according to a report.

Angela Lang/CNET

iPhone apps from some major companies are reportedly recording how you use them without asking your permission.

Air Canada, Expedia, Hotels.com, Singapore Airlines, Abercrombie & Fitch and sister brand Hollister are among the companies mentioned Wednesday in a TechCrunch report.

They apparently embed "session replay" software -- which lets developers record the screen to see how people use the app -- from a company called Glassbox, so your every interaction is essentially recorded via screenshots.

The software is supposed to mask sensitive data in these screenshots, but the report noted that the App Analyst found that Air Canada's app wasn't always doing so properly.

Watch this: Apple, Facebook support more privacy laws

Some companies sent the captured data to Glassbox, while others sent it to servers in their own domain, according to TechCrunch. None of the companies mention recording your screen in their privacy policies, the site noted.

Abercrombie told TechCrunch that Glassbox's software allows it "to identify and address any issues customers might encounter in their digital experience."

Singapore Airlines said in an emailed statement to CNET that the data "is used for diagnostic and troubleshooting purposes."

"Data is processed in accordance with our privacy policy, which is available on our website," a company spokesperson said in the statement. "We take the privacy of our customers' data seriously. All reasonable measures, as well as regular reviews, are taken to ensure that such information remains safe and protected."

Expedia noted that its brands aren't using Glassbox on any of its "native applications for iOS or Android."

"On select Expedia Group brands native applications for Android, Glassbox exists from a prior proof of concept in the codebase but it has been disabled for some time and has not been actively capturing information," a spokesperson told CNET in an emailed statement.

Neither Apple, Air Canada, Expedia, Hotels.com, Abercrombie & Fitch or Hollister immediately responded to requests for comment.

Back in 2017, security researchers discovered a similar ability in Uber's app. In that case, the ride-hailing company had Apple's permission because it made the app work more smoothly with the Apple Watch.

Apple CEO Tim Cook has, on several occasions, demanded more privacy rights for consumers, highlighting how people's data is constantly sold online without them knowing.

First published Feb. 7 at 8:26 a.m. PT.
Updated Feb. at 2:10 a.m. PT: Adds Expedia statement.