Some airline, hotel booking apps on iOS found recording user screens

Donna Miller
February 10, 2019

They apparently embed "session replay" software - which lets developers record the screen to see how people use the app - from a company called Glassbox, so your every interaction is essentially recorded via screenshots. The problem? Every tap and keyboard button press is recorded, sending sensitive information unencrypted to developers. This app, which belonged to Air Canada, was also reported to leak unmasked passport numbers in the App Analyst's study.

That tool, called Glassbox, is embedded inside some popular apps, including those from Expedia, Hotels.com, Air Canada, and others. Glassbox says it provides the technology, among many reasons, to help reduce app error rates. Instead, it has asked the app developers to record user's screen only after they have obtained explicit user's permission for the same.

None of the apps that were found to be recording their users' screens said they were doing so in their privacy policies. The company also added that if the developers fail to do so then they will have to face some hard punishment which also includes the removal of the app from the App Store. Nevertheless, its screen-recording techniques run contrary to Apple's user privacy-related practices. And some of the data sets being recorded would be terrifying to app users when you consider platforms like Glassbox or Appsee, that can literally playback what a user did inside an app, tap by tap. It's no mystery that companies and apps are out to gather data like this, but it becomes worrisome when it's in the hands of a firm or service provider that doesn't have secure measures in place.

This statement is a direct aim at Air Canada and other hotel, airline and retail apps that secretly record the iPhone's screen when the app is being used.

PSG Boss Delivers Update On Edison Cavani Ahead Of Manchester United Clash
United, meanwhile, have run into form since replacing Jose Mourinho with Solskjaer at the end of December. Tuchel's side will also be missing Brazil striker Neymar, who has been ruled out with a foot injury .

UPDATE: Feb. 8, 2019, 9:41 a.m. CET "Glassbox and its customers are not interested in "spying" on consumers".

It's unclear, however, if Google will follow in the footsteps of Apple and ban any apps that use it.

The company recently tweeted: 'Imagine if your website or mobile app could see exactly what your customers do in real time, and why they did it?'

Air Canada told TechCrunch that the company "Air Canada uses customer provided information to ensure we can support their travel needs and to ensure we can resolve any issues that may affect their trips". "This information helps companies better understand how consumers are using their services, and where and why they are struggling", a Glassbox spokesperson told Mashable. The App Analyst found that in some cases, the data was masked and in some cases it wasn't. Yet we believe it is partial and doesn't adequately convey the many benefits for our customers and their users; or reflect the security and privacy capabilities inherent in Glassbox.

Other reports by

Discuss This Article

FOLLOW OUR NEWSPAPER