The revelation comes via a TechCrunch report on Wednesday which describes how the customer analytics firm Glassbox allows its customers - which include major companies like Abercrombie & Fitch, Expedia, and Air Canada - to record user activity and use those recording to make product improvements.
Essentially, every time a user taps on the screen, pushes a button, or types on a keyboard within a specific app, that activity is screenshotted and sent to the app's developer.
Other Glassbox customers include Hollister, Hotels.com, and Singapore Airlines, according to its website.
The recordings are apparently only activated when a consumer is inside an app that's using the Glassbox technology, and not when the consumer is going about other business on their phones. But the practice poses problems because, as TechCrunch found, none of Glassbox's customers make mention of screen recording in their privacy policies or iOS terms and conditions. And according to TechCrunch, Glassbox said it does not require customers to mention its usage in their terms.
TechCrunch also raised the issue of what happens when a user enters sensitive information into an app, like credit card or passport numbers. As the report discovered, Glassbox is supposed to obfuscate this information, but that doesn't happen all the time. As a result, sensitive customer data can potentially be broadly exposed to employees responsible for a company's app development, and vulnerable to data breaches.
The practice of screen recording is so sensitive that historically, Apple has not given third-party developers the ability to do so. That's why users were shocked to learn in 2017 that Uber had been provided special permissions by Apple to record their screen and access other personal information without their knowledge.
"Granting such a sensitive entitlement to a third party is unprecedented, as far as I can tell," Will Strafach, a security researcher who discovered the Uber situation, told Business Insider at the time of the Uber situation. "No other app developers have been able to convince Apple to grant them entitlements they've needed to let their apps utilize certain privileged system functionality."
Apparently, Glassbox has figured out a way around Apple, allowing its customers to embed its technology into their apps without any special permissions.
Glassbox and Apple did not immediately respond to Business Insider's requests for comment.
Also from Business Insider South Africa: