The tech giant said that developers either remove the code from the app or disclose it to user for consent, or face action.
After reports about the session replay investigation by TechCrunch was out, Apple took centre stage immediately. The Cupertino giant has instructed all iOS app developers that they should either remove the said codes from their apps or disclose it to the user, or face action. The punishment for failing to do so could be as severe as having the offending app forcibly removed from the App Store.
According to an investigation done by TechCrunch, session replay technology is abusing the iOS norms. The report from TC states that popular travel apps such as airline, hotels and retail, are secretly recording screens from iPhone users without their consent. The practice, known as session replaying, involves a third-party firm (Glassbox) which embeds its technology into the app.
Glassbox’s software records every action taken on the app by the user and also grabs screenshots along the way. What spelled worse was that apps such as Air Canada, and a few other travel websites, were also recording sensitive data fields such as passport numbers, credit card details and other financial and personal information.
Apps mentioned in the investigation include Air Canada, Abercrombie & Fitch and its Hollister subsidiary, Expedia, Hotels.com, and Singapore Airlines, among others.
Apple confirmed to the publication that its App Store Review Guidelines prohibit this kind of activity without first gaining proper consent from a user. “Protecting user privacy is paramount in the Apple ecosystem. Our App Store Review Guidelines require that apps request explicit user consent and provide a clear visual indication when recording, logging, or otherwise making a record of user activity,” an Apple spokesperson tells TechCrunch. “We have notified the developers that are in violation of these strict privacy terms and guidelines, and will take immediate action if necessary.”