A recent TechCrunch investigation revealed several mobile apps were recording in-app activity. To make matters worse, they were doing it without users’ knowledge.
Major companies such as Abercrombie and Fitch, Air Canada, and Expedia were found to be working with a third-party analytics firm. The firm secretly records users’ swipes, taps, and shopping activity to learn more about “customer habits.”
This revelation is just one of many stories revealing just how pervasive data collection has become.
According to the report, none of the apps they looked at told users that they were recording their screens. They also didn’t specify that they were sending data back to Glassbox Analytics, their third-party insights provider.
Wait, it’s not just a case of people failing to read the privacy policies?
Apps are required to disclose any tracking or data harvesting methods in their terms of service agreements. However, Glassbox’s offering provided a workaround of sorts to its customers.
Glassbox Analytics provides an API that allows them to collect information about their customers. The API masks sensitive information like credit card or passport numbers. Glassbox says that they just provide the technology; they’re not there to enforce disclosure on behalf of their customers.
According to Glassbox CEO Yaron Morgenstern, the tool is primarily used to spot issues within the app like bugs.
According to a follow-up story from The Atlantic, those insights are then used to deliver a better customer journey. This means that marketers make changes that allow them to gently nudge customers toward the desired action.
These apps — which include financial institutions like Bank of America and Wells Fargo — are taking consent out of the equation.
Following this revelation, Apple announced a plan to crack down on the apps secretly recording your screen. App Store guidelines explicitly state that any logging, tracking, or recording, must be included in the terms of service. If a company fails to inform the consumer, then they violate Apple’s regulations and will be pulled from the App Store.
No guarantee that sensitive info is protected
Not every company involved with this process successfully secured customer data. The App Analyst took a closer look at AirCanada’s attempt to mask user data — and, let’s just say, they did not do a great job.
The airline experienced a data breach back in August 2018. What’s important to note here is that the company was not masking their data. Instead, they were screenshotting users’ passwords.
So while Glassbox might not support this kind of violation, whether their clients can mishandle data is outside of their control.
Should we be worried?
As Morgenstern says, the technology isn’t meant to record your activity; rather it tracks your habits as you move through the site.
So, if you’re casually shopping around on Hollister’s native app, the company can see that you’ve put some items in your bag but didn’t complete the checkout. Or, they might see that you went straight for the clearance section, which might prompt them to alert you next time there’s a sale.
This is basically what all websites do these days. They track activity so they can ID problems and present recommendations you actually want. Except, just about every website gives you that little cookies pop-up, letting you know it’s “designed to give you a better experience.”
Apple says customers should be aware of how companies collect data. This way they can choose whether they want to proceed with the download. It’s a consent issue.
Obviously, all brands collect data in one way or another, Apple included. The only real news is the lack of transparency. In no way is this surprising.
The fact that such a workaround exists means that there’s the possibility other branded apps are pulling a similar one over on their audience.