According to a report, several iOS apps are collecting user analysis data, including screenshots and entire user behavior records and transferring it to an analysis company.

Update: According to Techcrunch, Apple has contacted the developers of the apps and asked them to remove the analysis code or correctly report it to the users. Otherwise, Apple will remove the apps from the App Store. Speaking to Techcrunch, a spokesperson said, “We’ve informed developers who violate our strict privacy rules and policies and will take immediate action if necessary.”

Techcrunch reports a case where the developer only had one day to remove the code and resubmit their app. Techcrunch also confirms that Glassbox has customers among Android app developers, but there are no responses from Google so far.

Original message: The Techcrunch website reports that many popular iOS apps use the technology of Glassbox, an analytics company that allows users to record user behavior in apps. The so-called session replays allow the developers to take screenshots or even complete recordings including screen touches, key usage or the use of the virtual keyboard.

However, some of the apps do not mask the visible personal information in the records as expected, according to the claims of Techcrunch’s cited experts, so personal information such as ID numbers or credit card details would be transferred in the screenshots. And these data, such as the Air Canada app, could be viewed by employees with access to the server where the profiles are stored at any time, according to the message.

The quoted expert, who examined several apps called Glassbox as a customer, concluded that while most apps disguise the data, occasionally data such as email addresses or postal codes still visible. All this data either sent to Glassbox servers or directly to servers of the Glassbox customer and the expert would not be surprised if there were now also sensitive data on bank details or passwords.

Specifically, the Techcrunch article mentions the following apps (in the North American version) that the expert has studied:

Air Canada

Abercrombie & Fitch

Expedia

Hollister

Hotels.com

Singapore Airlines

None of the apps that work with Glassbox, in the privacy policy, indicates that the user’s screen is being recorded. According to the SWR3, Apple actually points out in its own guidelines that the use of such analysis tools has to be identified for the user, which in most cases does not happen in practice. Without the specific permission of the user or Apple for the function, there is no current possibility other than the traffic analysis an app to detect this behavior.

While the techcrunch article’s claim by the expert only applies to North American apps, similar features could be found in apps for other regions. After all, in addition to Glassbox, there are other companies like Appsee or UXCAM with similar offers for user analysis of their own app.