Follow us:
  1. Home
  2. News
  3. Cybersecurity News

iPhone apps found to record users’ screens without their knowledge

Technology embedded in several apps reportedly records every action users take for analytical purposes

Photo via Twitter
A host of popular travel, shopping, and banking iPhone apps record users’ screens without their permission, according to a new report by TechCrunch and mobile security blog The App Analyst.

Companies including Air Canada, Hollister,, Abercrombie & Fitch, and Expedia are “recording every tap and swipe” that users make in their iOS apps and sending the information back to the app developers, TechCrunch reported.

None of the apps named ask users for their permission to have their activity recorded, nor do they state that they are recording user actions.

The recordings are generated through the companies’ use of Glassbox, a customer experience analytics firm that allows developers to embed "session replay" technology into their apps. This allows developers to record users’ screens and play them back to obtain information on how people use the app.

“Since this data is often sent back to Glassbox servers, I wouldn’t be shocked if they have already had instances of them capturing sensitive banking information and passwords,” The App Analyst told TechCrunch.

Not shielding sensitive information

The App Analyst demonstrated the problematic issue using Air Canada’s app, which used Glassbox to screenshot credit card information and user passwords.

“While there may be value in documenting user activity through screenshots, there is also a large amount of risk that the screenshots may capture sensitive data,” The App Analyst noted. “Air Canada has attempted to mitigate this risk by configuring black boxes to cover sensitive fields. However this attempt has failed, potentially condemning a user’s sensitive data to residing in various screenshots stored by Air Canada.”

In response to the new findings, Air Canada provided the following statement to TechCrunch:

“Air Canada uses customer provided information to ensure we can support their travel needs and to ensure we can resolve any issues that may affect their trips,” said a spokesperson.” This includes user information entered in, and collected on, the Air Canada mobile app. However, Air Canada does not—and cannot—capture phone screens outside of the Air Canada app.”

Take an Identity Theft Quiz

Get matched with an Authorized Partner

    Share your comments