Apple’s iOS screen recording functionality – which was first introduced in version 11 back in 2017 – comes in handy when you’re making how-to videos, testing UI/UX for your apps, or simply recording gameplay while you crush it on Fortnite. Unfortunately, the feature can also be exploited by app developers to secretly record your activities. It’s good Apple’s putting a stop to that.
Earlier this week, TechCrunch reported that selected popular apps such as Expedia, Hollister, and Air Canada record activities on your iPhone without asking for your permission. Some of them use third-party services like Glassbox, which takes advantage of the Session Replay functionality in iOS to record your touches, swipes, and keyboard inputs, and sends them back to developers.
Now, most of these session recordings ought to mask sensitive and personal information. The idea of these session recording services is to capture how people use certain apps. But if the implementation is poor, these apps can leak customer data. Case in point: last year, The App Analyst blog found out that due to poor code execution, details of 20,000 Air Canada customers were compromised.
In its defense, Glassbox said that its SDK operates only within the confines of the native app. And it’s their customers like Expedia and Air Canada who deal with App Store-related concerns.
Now, in response to this discovery, Apple said it’s notified developers to make changes to clearly indicate that the app is recording user activity, or risk being removed from the App Store:
Protecting user privacy is paramount in the Apple ecosystem. Our App Store Review Guidelines require that apps request explicit user consent and provide a clear visual indication when recording, logging, or otherwise making a record of user activity.
We have notified the developers that are in violation of these strict privacy terms and guidelines, and will take immediate action if necessary.
This means that from here on out, all the apps that tend to record your screen or activity need to specifically ask for your permission and show and clearly indicate they’re recording. Sure, the developers might need to change their codes in order to bring these modifications to the fore, but it’ll be a win for the end-user privacy.
Some of the apps such as Stream Labs, a broadcasting service, already have an elaborate process to start screen recording that’ll allow users to stream content. Apps like these might therefore only have to make slight modifications to comply.
Most people, including me, would be wary of giving permission to an app to record the on-screen activities unless they specifically tell us what they’re capturing. This’ll make apps be more upfront about their tracking activities.
Also, Apple will be checking for screen recording code more often before the developers submit their apps to the App Store, to weed out the privacy-invading code.
We’re living in a world where there’s news outlining privacy invasion by major corporations everywhere. Apple’s crackdown on apps crossing their boundaries is certainly a welcome step.