12 February 2019
Apple, a few days back boasted about privacy on iPhones and trolled literally every other smartphone company making Android smartphones. However, everything has gone south for Apple since then. Initially, it was the discovery of the Facetime bug for which the company now faces a federal lawsuit and now a report claims that many iOS applications were able to record user activates without their permissions.
Apple's iOS is supposed to be the safest and privacy-focused operating system, thanks to Apple’s stringent policies around apps accessing user data. TechCrunch, however, reports that few of the very popular of leading hotels, travel sites, airlines, cell phone carriers, banks, and financiers were not only able to record every tap, button push along with financial details but were also able to send it back to the developers.
As per the findings, these apps collected all the data of how users are using the applications and in the process exposed some highly sensitive user data too. Popular apps like Air Canada, Singapore Airlines, Hotels.com, Expedia, Abercrombie & Fitch were found to be using a session replay technology from Glassbox in their applications. This technology helps the application to record user activities while using the app and lets the developers play it back to see how the users interacted with the app.
TechCrunch reported that almost all the recorded sessions had highly critical data, like Passport numbers, credit card numbers, which were exposed. The App Analyst, a mobile expert cited by the publication, revealed that none of the applications which collected the data disclosed this to the users.
While App developers use various tools to analyze how the users are using their applications in order to make the application more useful and error-free, however, disclosure regarding the same is mandatory making the user aware about the same along with measures to mask the critical data is utmost important.