iPhone, and the iOS ecosystem, have been known to be extremely secure when it comes to protecting from external threats posed by third-party apps. However, this perception might change with this new development.
TechCrunch found out that popular iPhone apps like Expedia, Air Canada, Hollister, and more have colluded with Glassbox, a customer experience analytics firm, to capture as much user data as possible. This involves tracking where the user clicks and interacts on the app, including recording the screen.
Abercrombie & Fitch, Singapore Airlines, and Hotels.com are also part of this programme that involves all the above-mentioned actions without any prior consent from the iPhone owner. A custom "session replay" technology is embedded into the apps that helps developers record the screen and figure out where users encountered errors on the app.
It gets worse. This technology lets developers see even encrypted data like usernames and passwords. This is because most of Glassbox's customers haven't been masking sensitive data properly on the apps.
Glassbox doesn’t require any special permission from Apple or from the user, so there might be no way to figure out whether a particular app is doing this or not.