This week, I learned a new thing. Many things actually, but one in particular that was really eye-opening for someone who has been a privacy professional for as long as I have.

Session replay technology. I had never heard of it before. I found out about it because Apple is now telling its app developers that they have to disclose the use of session replay technology in order to be included in the app store. So this requirement by Apple piqued my interest.

Session replay technology is used by companies such as Glassbox, a customer experience analytics firm, to allow app developers to get real time analytics on how users interact with apps by using session replay technology. This means that the technology is embedded in the app and allows the developers to record the screen of the cellphone while the user is using the app and they later play the recording back to see how the user interacted with the app. The technology allows the app developer to record and play back every tap, keyboard entry and swipe of the user. This is effectively a real time screen shot of the user’s screen while the user is using the app.

Most apps don’t tell you if they are using session replay technology in their Privacy Policy. Apple felt strongly enough about the privacy implications of the use of session replay technology that it is telling developers to either remove the use of the session replay technology or properly disclose it to users. According to Apple, “Our App Store Review Guidelines require that apps request explicit user consent and provide a clear visual indication when recording, logging, or otherwise making a record of user activity.”

Name brands use session replay technology and are recording users’ every move on their screens. Although we continue to recommend that users read companies’ privacy policies before download an app, in this case, privacy policies do not include the use of session replay technology and Apple has come to the consumers’ rescue.

[View source.]