Apple is cracking down on apps that secretly record their users’ actions. The move follows reports by TechCrunch and App Analyst earlier in the week that apps like Air Canada, Hollister, and Expedia are tracking every tap their iPhone users make.
The tracking allegedly comes from firms like Glassbox, an analytics firm that enables ‘session replay’ in apps. App Analyst found that Air Canada’s app was failing to mask passport and credit card data with its tracking solution, shortly after a data breach.
Apple has now told TechCrunch it’s taking a hard stance on such behavior. Under existing guidelines, it’s forcing developers to either disclose the code to their users or remove it from their app. Failure to do so could result in removal from the App Store.
“Your app uses analytics software to collect and send user or device data to a third party without the user’s consent. Apps must request explicit user consent and provide a clear visual indication when recording, logging, or otherwise making a record of user activity,” the email to developers reportedly said.
The move follows several actions by Apple against Facebook, which paid iPhone users trivial amounts for access to private messages and device data. Shortly after the controversy, Apple found Facebook had been improperly using enterprise app certificates.
As you’d expect, Glassbox also has an Android version. However, Google is yet to comment on the issue, despite its guidelines strictly prohibiting secret data collection or misleading functionality. It’s likely similar warnings will come from the search giant soon.
For its part, Glassbox says its intention is not to spy on users but to use the data to provide better online experiences. It says it doesn’t share the data with third parties but admits it doesn’t require its customers to disclose the use of its analytics to their own customers.
Not disclosing such intrusive analytics to customers is almost certainly a breach of Europe’s GDPR legislation. It’s also clear that the security of such solutions is paramount, given the sensitive information some users enter in apps.