iOS apps can record what you do in them and then unsafely send that data

If you use an iPhone or iPad and have apps from Air Canada, Abercrombie & Fitch, Expedia, Hollister,, Singapore Airlines and a number of others, you may have sent sensitive data back to those companies and don’t even know it.

Those companies use services from Glassbox, a CRM firm, which records customers’ screens while they are using the app and sends the data back to either that company or to Glassbox. And depending on the company and what protections they apply, some of that data includes input data into address, phone number and other fields.

According to The App Analyst blog, the Air Canada app, which captures a series of screenshots during the user session, utilizes masking boxes that are supposed to block out that data, but those boxes don’t always appear in every screenshot. Other apps have some of the same troubles.

TechCrunch reports that the above companies’ privacy policies for their apps — disclosures required by Apple — don’t make any mention of the screen recording behavior, also known as “session replay” captures. Companies have either not commented or have not been able to point to any specific disclosure about session replays.

Share This Post

Watch the Latest Pocketnow Videos

About The Author
Jules Wang
Jules Wang is News Editor for Pocketnow and one of the hosts of the Pocketnow Weekly Podcast. He came onto the team in 2014 as an intern editing and producing videos and the podcast while he was studying journalism at Emerson College. He graduated the year after and entered into his current position at Pocketnow, full-time.