Several popular apps on the Apple store — including the one made by Singapore Airlines (SIA) — may be tracking your taps and swipes without your permission, TechCrunch found out.
That’s because the apps employ the service of customer experience analytics firm Glassbox, which allows developers to bake something called “session replay” into their apps. They’re not even hiding the fact that their mobile apps could potentially spy on what users are doing — part of Glassbox’s assurance is “always watching, always learning”.
“Imagine if your website or mobile app could see exactly what your customers do in real time, and why they did it? This is no longer a hypothetical question, but a real possibility,” Glassbox tweeted last year.
Imagine if your website or mobile app could see exactly what your customers do in real time, and why they did it? This is no longer a hypothetical question, but a real possibility. This is Glassbox. Experience it for yourself: https://t.co/E3uXcr0Gjf pic.twitter.com/9cJ40xbSaI
— Glassbox (@GlassboxDigital) October 16, 2018
How the technology works is that developers will have the ability to record the screen and play them back to monitor how users interact with the app. It’s all done with good intentions, of course — the purpose is to optimize user experiences by identifying errors or blindspots for app developers to fix through updates. Perhaps there’s a button that refuses to register your taps. The tech records the buggy interaction for troubleshooting purposes.
The method of surveillance, however, opens up the chance for sensitive personal information to leak out if handled wrongly. If GlassBox’s customers aren’t properly masking data as they should, information such as credit card details and passwords could be intercepted.
Even worryingly, a leak has happened before according to The App Analyst. Air Canada’s mobile app — which tracks users through Glassbox — admitted last August that 20,000 of its user profiles may have been “improperly accessed”. Attackers could have accessed information including names, email addresses, phone numbers, and even passport details. Fortunately, credit card data had been encrypted.
Aside from SIA, TechCrunch identified other apps such as Abercrombie & Fitch, Hotels.com and Expedia using Glassbox’s tech.
— Sunil Karkera (@gluecode) January 5, 2019
Despite flexing on everyone else earlier this year, Apple’s concerning violations in privacy have been well-cataloged. Last month, a bug in Apple’s FaceTime software enabled users to eavesdrop on other people while waiting for a call to be picked up. Facebook was able to find a loophole in the Apple App Store and paid users to let the social media giant have root access to their phone activities.
But the methods are undefined. One would certainly have some apprehension about phone screens being recorded without their knowledge. At least one person has already requested SIA to stop using Glassbox.
This article, Singapore Airlines’ iOS app could be recording your screens without you knowing, originally appeared on Coconuts, Asia's leading alternative media company. Want more Coconuts? Sign up for our newsletters!