Home News Glassbox SDK Being Used on iOS to Record Screens Without Your Permission

Glassbox SDK Being Used on iOS to Record Screens Without Your Permission

Feb 11, 2019

There is a new report out this week that is showing apps have been using the Glassbox SDK on iOS to record your screen without your permission. If you have never used Glassbox before, it is an analytics firm that specializes in customer service. Services such as Glassbox will track all of the swipes and taps that you make on your iOS device.

Many different kinds of apps have been using Glassbox, including Expedia, Hotels.com, Hollister, and Air Canada. While tracking data is important, the report is showing that your screen is being recorded without your permission. Obviously, that is a huge concern and invasion of privacy. Keep reading to learn more about this new report regarding the Glassbox SDK on iOS and how it is capturing your information.

Glassbox SDK is Recording Your Screen Without Permission on iOS

This new report is fairly concerning considering it is saying that Glassbox is recording your screen without your permission. A lot of apps are using the Glassbox SDK in order to get better analytics regarding customer experiences. While that in itself is not a problem, the recording of your screen without your permission is a huge issue. A lot of sensitive information can be revealed by recording your screen, such as banking information, login information, and much more.

The main issue is that session replay technology is used within Glassbox, and this is where the screen recording is coming from. This session replay technology allows the developer of that app to record the screen display. The developers are able to then review these displays to see how the people are interacting with their app. This means every push of a button, every keyboard click, and every tap is recorded. For app developers, this technology is great because they can see exactly where there was an issue or if something within the app didn’t work correctly.

Glassbox SDK Isn’t the Only Issue for Air Canada iOS App

Another piece of concerning information comes from The App Analyst with the iOS Air Canada app being the main issue. The App Analyst had reported that the app does not actually mask these session replays. For you, it means that credit card information and other sensitive information like passport numbers are revealed during the sessions.

If you are wondering what all that means, it means any Air Canada employee is able to see this information. Even worse news for Air Canada is that a data breach was discovered recently. In this data breach, more than 20,000 different user profiles were snagged. When it comes to security, this is another huge issue since your private information is now out there for all to see.

Glassbox Defends Technology as More Details Emerge

Glassbox recently sent out a tweet that basically defended the use of these technologies. The company sent out a question about just imagine if an app could see what the customers are doing. It went onto say this can happen in real-time. The developer would then be able to figure out why they were doing something. There was no acknowledgment of the issues that were found in this new report though. Going further into the details of the report, we also wanted to tell you a little more about that.

When it comes to the Glassbox SDK, there is also the fact that some of the apps using this SDK are sending the data directly to the Glassbox servers. Other apps and companies are choosing to send the session replays and data to their own servers. Either way the data went, it was accessible using man-in-the-middle tools and it was all unmasked. The report found that Hollister was one of the apps sending the data and replay sessions to Glassbox. Other apps like Hotels.com and Expedia were sending these replay sessions to their own servers.

Do You Think the Glassbox SDK is Harmful?

As you probably know, screen recording and the analytics involved with that are really not new. Apple has not really done anything to stop the use of these types of analytics frameworks, and we do not know if they will in the future. We hope that a crackdown on this happens soon, because a lot of personal and private information is now being unmasked due to apps using this technology.

In the comments below, we want to know if you fear for your privacy due to the screen recording technologies. Do you think the Glassbox SDK is actually useful for developers to figure out issues that might exist within their apps? What other concerns do you have when it comes to your security and privacy on mobile?