Following a Wednesday report from TechCrunch that popular iPhone apps are recording the in-app activity of users without their knowledge through analytics companies like Glassbox, Apple has reportedly responded by threatening “immediate action” if they don’t knock it off or inform their users that their activity is being recorded, the site reported Thursday.
In a statement to TechCrunch, a spokesperson for Apple reportedly said that failing to notify users that their screens or actions are being recorded violates its App Store Review Guidelines. The spokesperson said Apple had reached out to the developers about the breach of its terms, and an email it reportedly sent to a developer and obtained by TechCrunch told the individual they had less than 24 hours to remove the code or their app would be pulled from its App Store.
In a statement to Gizmodo about the report, a spokesperson for Glassbox said the tool is used to weed out potential bugs or errors and improve overall user experiences. It added that “data collected by Glassbox customers is only captured via their apps, and is neither shared with any third parties, nor enriched through other external sources.”
Glassbox also noted that it “restrict[s] access to recorded data to authorised users” and that it audits the individuals who do have access to that information.
But while Glassbox claims that its session replay service is used to improve user experiences, user data may be put at risk during screen recordings if clients fail to adequately mask user information, according to TechCrunch’s investigation as well as findings by mobile researcher the App Analyst. When asked by Gizmodo about those findings, the company shifted blame to its customers. While it Glassbox claims it can mask “everything,” it said that its clients sometimes make “mistakes.”
Air Canada is one such Glassbox client identified by the App Analyst as failing to properly mask data, but the company’s customers also include big brands like Expedia, Hotels.com, and Abercrombie and Fitch, among others—some of which are responsible for guarding sensitive user data.
As Glassbox is a cross-platform product, it’s also available for Android. TechCrunch reported Thursday that though the recordings appear to violate Google Play’s guidelines, it wasn’t immediately clear if Google would be taking action as well. We’ve reached out to Google and will update this report if we hear back.