Shortly after it was discovered that Facebook and Google had misused their company certificate to install applications to monitor user activity outside the App Store, a new report appeared on apps that apparently recorded all the interaction of the users and sent them to the developers or to a service provider.
In some cases, these recordings did not adequately mask sensitive user data, which included passport numbers, credit cards and other data. And all this without the consent or knowledge of the user.
Apple claims that this constitutes a violation of the App Store guidelines. The company does not prohibit the use of analytical services but requires disclosure of each and every one of these activities and, most importantly, the user’s consent.
According to TechCrunch, Apple has informed application developers and granted them a short grace period to remove the offending code, start informing their users or be expelled from the App Store.
Some of the affected applications include Hotels.com, Expedia, Abercrombie & Fitch, Air Canada and Singapore Airlines, among others. Given the nature of these applications, it is expected that they correct the problem.
What complicates things a little is that these apps use a third-party service such as Glassbox to implement this functionality.
Glassbox is a cross-platform analysis tool that specializes in repeat-session technologies. It allows companies to integrate their screen recording technology in their apps to reproduce how the user interacts with the apps.
Glassbox says that it provides technology, among many other reasons, to help reduce the error rates of apps. But Glassbox “does not force its customers” to mention that they use screen recording tools in their privacy policies.
This problem not only affects App Store apps. As with the previous case of Facebook and Google, Glassbox and other similar services also work on Android. Although Google also prohibits these covert activities, so far has remained silent on this matter.