Over the past week or so a lot of revelations have been made which show that tech giants such as Facebook and Google were collecting user data via VPN apps on iPhones. While Apple acted swiftly by removing both companies internal application certification until they complied with Apple’s privacy rules, it has come to light that there are indeed many more apps which are collecting user data unchecked.
A TechCrunch report has stated that apps of many hoteliers, travel sites, airlines and more are collecting user data from iPhones. This data would even include gestures such as taps and swipes you make on your device. Abercombie and Fitch, as per the report, actually uses a ‘Session Reply’ technology in its app which allows it to record the screen to see how users interacted with the app.
Abercombie and Fitch, Singapore Airlines, and others use Glassbox, a customer experience analytics firm, which allows developers to embed the session reply technology. Even so, mobile expert The App Analyst, who has a blog specifically for the analysis of apps, said that Air Canada’s iPhone app is not properly hiding the session reply data that could potentially lead to the exposure of passport numbers and credit card data.
The report also stated that some companies such as Expedia and Hotels.com used the session replay technology to send user data to a server located in their domain. The App Analyst, in an interview with TechCrunch, said that the data was “mostly obfuscated” but some information such as addresses and postal codes could still be deciphered.
As per the report, none of the above mentioned iPhone apps makes it clear in the App Store that they record the screen of the user. Moreover, Glassbox itself does not require permission from Apple so the user remains in the dark.
“I think users should take an active role in how they share their data, and the first step to this is having companies be forthright in sharing how they collect their users data and who they share it with,” The App Analyst told TechCrunch.