In an effort to better understand how their customers interact with mobile apps, certain companies employed a third-party analytics data that can record everything you do while inside an application, including every single tap, swipe and text input.
Air Canada, Expedia, Hotels.com, Singapore Airlines and Abercrombie & Fitch are among the companies mentioned in the probe.
The recordings are generated through the companies' use of Glassbox, a customer experience analytics firm that allows developers to embed "session replay" technology into their apps. And, these were recorded as sessions without users even being unaware and without their permission, and further wasn't mentioned in the apps' descriptions or policies for that matter. "Our App Store Review Guidelines require that apps request explicit user consent and provide a clear visual indication when recording, logging or otherwise making a record of user activity", it said.
Apple gave the developer in question less than one day to remove the code and resubmit their app or the app would be removed from the app store, the email said.
Most people, including me, would be wary of giving permission to an app to record the on-screen activities unless they specifically tell us what they're capturing.
The App Analyst said "This allows Air Canada employees - and anyone else capable of accessing the screenshot database - to see unencrypted credit card and password information".
TechCrunch queried companies that employ Glassbox technology inside their apps about The App Analyst'sreported findings. The apps involved with the aforementioned company are from airlines, hotel and travel services, banks, financiers, retailers, and even carriers. If customers see that the app is recording their activities, they might get cautious or exit the app.
In response, a Glassbox spokesperson said that the TechCrunch investigation was "interesting, but also misleading".
Tech Crunch subsequently asked the Analyst to look at a sample of apps that Glassbox had listed on its website to see if these other apps have the same problem.
Expedia noted that its brands aren't using Glassbox on any of its "native applications for iOS or Android".
Since the reports were published, an Air Canada spokesperson has told TechCrunch that it uses "customer provided information to ensure we can support their travel needs and to ensure we can resolve any issues that may affect their trips".
Glassbox's technology records every action the user takes while navigating through an app, including any screenshots that are snapped.
Last week, Apple temporarily cut off Facebook's access to its internal apps after it was discovered the social network had used a programme designed for internal app testing to distribute a market research app to members of the public who had agreed to let Facebook access all the data on their devices. Moreover, some of these apps also sell your data to the advertisers without letting you know.
"The protection of customer data and privacy is of the utmost priority to us".