Brands including Air Canada, Hollister and Expedia are using their iPhone apps to record, and then replay, the way users are interacting while in the mobile program. So says a TechCrunch story, which also found that the sessions sometimes revealed identification including passports numbers.
The apps are taking advantage of a product called Glassbox, an analyst's company which uses a feature called session replay, which the company says can give brands "real-time visibility" into how an app is being used, and designed to help firms figure out why, for example, someone may have walked away from an online shopping cart without completing a purchase.
- It's time to think seriously about your Facebook privacy
- Apple disables Group FaceTime after major privacy bug found
- Sgnl Wristband and app review
Recording your actions
Apps collect and store a lot of data. Fitness apps record how many steps we've taken, and often can located us when they're in use. Apps connected to smart devices can record our movements as well, when we come in and out of a home, for example, or how often we lock our door. We depend on these apps to serve data to us. Did we reach a fitness goal for example? Did our child arrive home from school? But we're not the only one seeing that data as well.
While most people are inured at this point to the idea of their data being logged, Glassbox takes this a step further by actually creating a live video meant to be viewed by a company. In some cases this data is being sent to Glassbox, while other brands are opting to send the data to their own servers.
Some apps, including Expedia, are using a feature called session replay, which allows them to record live video of someone's actions in an appiStock
The feature doesn't open a camera and record — facing out — the person holding a phone. Instead it captures where they're moving in the app, spots on the screen where they're tapping, and the screen itself. A video on Glassbox's own site shows the level of detail the feature can capture, each specific click, whether that's buy button, or adding in a zip code, and the data being entered including email addresses and phone numbers.
That's how data can be inadvertently seen — text marked into boxes which is being captured along with swipes and tapping. Some mobile apps turn each entry into a hidden character, such as a hashtag or a star, to blur text as it's being logged.
But with session replay, that action is being recorded, each character entered. And keenly, when apps have Glassbox installed, consumers also can't tell. Nor do they know that while in the app they're actions are being recorded.
Other brands using Glassbox on their mobile apps include Abercrombie & Fitch, Singapore Airlines and Hotels.com.
Apple, known for strict requirements before apps can be entered into its App Store, recently had to pull one of its own native features, Group FaceTime for privacy concerns because of a bug in the code. Launching a Group FaceTime call, would allow the original caller to hear and see the person they were calling — even if the caller never answered the call. The bug turned Group FaceTime into an eavesdropping device. Congress has sent Apple a letter about the bug, demanding answers to this issue by February 19.