2020-05-01

Just yesterday we covered the TechCrunch report about several well-known App Store apps that shipped with an undisclosed function: capturing the screen of the iPhone on which they were installed and, therefore, recording everything the user did. Apple did not like this at all and has set to work to fix it.

Replay Sessions on mobile

Session replay is a technique used by websites that record a user’s screen for as long as the user remains on the site during a session. This gives them data from thousands of users that they can use to improve their services. Glassbox, an analytics firm focused on user experience, implements Session Replay technology in apps: a company that wants to monitor what users do with its application calls Glassbox to have this capability installed, so that the mobile screen is captured when a user opens the app.

The danger is not only that they record our session without telling us (which translates into very valuable data), but that every tap, every swipe and, worse, every text entry is stored and sent to Glassbox’s servers, as Hollister and Abercrombie & Fitch do, or to the company’s own servers, as Expedia and Hotels.com do. The recording even covers the moments when we fill in fields such as passwords to authorize a transaction, bank numbers, etc. That is sensitive private data, and therefore it is a theft of personal data.

Apple’s ultimatum

Apple, one of the best-protected companies against piracy and one of the most concerned about the security of its users, has made it clear to all developers using Glassbox and other session capture technologies that they must either remove the code responsible from the app or disclose it to users so that they can give their consent beforehand. According to TechCrunch, the company behind the iPhone is not going to give these apps a break: if they do neither, they will be penalized by Apple, which could mean severe measures such as removing the app with Glassbox technology from the App Store without delay.

The company has made it clear that the App Store Analysis Guidelines prohibit this type of activity without the user’s prior consent, and require apps to provide “a clear visual indication when they are recording, logging in or recording a user’s activity”. According to an Apple representative, “We have notified developers that they are violating these strict terms and private guidelines, and will take immediate action if necessary.”