How did the human surveillance apps work in Apple gadgets

How did the human surveillance apps work in Apple gadgets

It was threatened to remove human surveillance apps from the App Store

A serious scandal flared up with some services developed for Apple gadgets. Experts have found that the platform collects user data without notifying the owners of smartphones. The number of applications for human surveillance included the development of such well-known companies like Air Canada, Hollister and Expedia. Apple said that such actions are unacceptable. The technology giant demanded that companies notify users about the collection of information, and in case of refusal threatened to remove the services.

How did human surveillance apps collect data?

Claims to the official platforms of the companies arose from the use of a third-party tool called Glassbox. It allows transmission to remote Session Replay servers. The program sees everything that happens on the screen of the gadget and sends this information. Thus, Glassbox sends to the server gestures, search queries, text typed by users, clicking on the display and more.

In most cases, such tools censor some fields. For example, we are talking about passwords, credit card numbers, information about e-wallets, other user information. But alas, it does not always work as it should. Apple experts found that the Air Canada service not only passed all the movements of the user, but also did not censor the data of users. That is, all entered passwords, passport numbers and much more were sent. In total, experts noted that thus there was a leak of user information of not less than 20,000 people.

Please note that Glassbox is used not only on the above applications. And there is a reasonable goal in it. The information that developers receive allows them to understand how users use a particular service, as well as to identify the cause of critical errors. However, most programs do not report the presence of Glassbox, which means that they carry out secret surveillance of the owners of gadgets.

According to media reports, Apple experts analyzed the privacy policy of Air Canada, Hollister and Expedia. In no case it has it been stated that the service collects user information and records the actions of the owner of the iPhone or iPad. To use Glassbox, you do not need the consent of the manufacturer or user, which is what organizations use when embedding the tool in their applications.

Media representatives tried to contact the companies involved in the scandal. The press service of Abercrombie said that Glassbox makes it possible to ensure the smooth operation of the platform. Thanks to it, the team identifies any problem before it becomes global. Some such answer was in Air Canada. The company reported that they use the user information to meet the needs of customers, as well as to solve any problems during the flight. At the same time, the office of the air carrier stressed that the program does not record information outside the service. Singapore Airlines stressed that such actions are consistent with the privacy policy, and they notify users of this in paragraph 3 (although in reality nothing like this is found). Expedia ignored media requests.