In a recent article from TechCrunch, it was revealed that Apple is calling for the removal of code that lets developers record how a user interacts with their iPhone apps or face having their apps removed from the App Store entirely.
Apple issued this warning to developers because a recording of this kind without proper consent from a user goes against App Store Review Guidelines and is considered a major violation of user privacy.
An Apple spokesperson in an email to TechCrunch said that protecting their user privacy is paramount in the Apple ecosystem. App Store Review Guidelines require that apps request explicit user consent and provide a clear visual indication when recording, logging, or otherwise making a record of user activity.
Expedia and Hotels.com, both prominent travel apps, were found to be using a third-party analytics tool to record every tap and swipe inside of their apps without ever prompting a user to give the go-ahead to do so.
The third-party company in question is an analytics firm called Glassbox. Glassbox implements what is known as session replay technology by embedding code in a mobile app that records user activity. This gives an app maker the opportunity to see how certain features are used and help identify issues.
This session replaying – although morally dubious – isn’t inherently harmful, but it does raise questions about what kinds of backdoors are being left open in the process that could allow for easier access to sensitive data. In this case, where sensitive data was supposed to be masked, data like passport numbers and credit card numbers leaked anyway.