Popular IOS Apps Use Glass Box SDK To Record User Screens Without Permission

Some IOS applications, the operating system of the iPhone, may be recording every touch and click that users make on their screens, according to a report released Thursday by Tech Crunch .According to the source, the applications would be performing these actions without having received any type of permission from users. The report explains that these applications have a software development kit (SDK for its acronym in English) of the company Glass box, which is used by developers in the testing of applications, to see how the user interacts and navigates the interface of your app and the phone.

This SDK records everything the user does and then reproduces it supposedly, protecting sensitive data reflected on the screen, such as telephone or account numbers, although according to the TechCrunch report it does not do it on all occasions, which applies more serious to the reported issue.

TechCrunch says it has found several applications for iPhone that have this active SDK, from hotel applications such as Hotels.com to airlines such as Singapore Airlines or Air Canada, through mobile phone operators and banks or fashion stores such as Abercrombie & Fitch.The medium asked the expert in applications analysis, The App Analyst , to examine some of the client applications that Glass box points to on its Web page, to check if the SDK is active in them.

The expert concluded that not all applications were filtering private information such as account numbers or passports, but none of them warned users that it was recording the screen.In addition, he adds that the information collected by the SDK was being sent in most cases to the Glass box servers, although other companies had chosen to send them to their own servers, as in the case of Expedia and Hotels.com.

The media sent requests for comments to the companies involved and got some answers. Abrecrombie responded that they use this system to “maintain a perfect shopping experience, which allows us to identify and address any problems that customers may encounter in their digital experience.”

Glass box told the media that it does not oblige its customers to mention that its system is being used in its privacy policy. According to the company, its SDK can only interact with the client’s native applications (not with the rest of the applications or with the phone) and, in addition, the SDK does not have access to the application when the keyboard covers the screen, that is when the user is typing.

Apple has not yet ruled on what decisions it will take before this case, whether it will tighten the conditions on the permits or whether it will temporarily remove applications from its store. We have sent a request for comments to Apple, but the company usually does not respond in these cases.

LEAVE A REPLY