© REUTERS/Shannon Stapleton/File. The new Apple iPhone Xs Max and iPhone X are seen on display at the Apple Store in Manhattan, New York, U.S., September 21, 2018.
By Zack Whittaker, TechCrunch
Apple is telling app developers to remove code that allows them to
effectively record how a user interacts with their iPhone apps — or face
removal from the company's app store, TechCrunch can confirm.
In an email, an Apple spokesperson said: "Protecting user privacy is
paramount in the Apple ecosystem. Our App Store Review Guidelines
require that apps request explicit user consent and provide a clear
visual indication when recording, logging, or otherwise making a record
of user activity.
"We have notified the developers that are in violation of these
strict privacy terms and guidelines, and will take immediate action if
necessary," the spokesperson added.
It follows an investigation by TechCrunch
that revealed major companies, like Expedia, Hollister, and Hotels.com,
were using a third-party analytics tool to record every tap and swipe
inside the app. We found that none of the apps we tested asked the user
for permission, and none of the companies said in their privacy policies
that they were recording a user's app activity.
Even though sensitive data is supposed to be masked, some data — like passport numbers and credit card numbers — was leaking.
Glassbox is a cross-platform analytics tool that specializes in session replay
technology. It allows companies to integrate its screen recording
technology into their apps to replay how a user interacts with the apps.
Glassbox says it provides the technology, among many reasons, to help
reduce app error rates. But the company "doesn't enforce its customers"
to mention that they use Glassbox's screen recording tools in their
privacy policies.
But Apple expressly forbids apps that covertly collect data without a user's permissions.
TechCrunch began hearing on Thursday that app developers had already been notified
that their apps had fallen foul of Apple's rules. One app developer was
told by Apple to remove code that recorded app activities, citing
the company's app store guidelines.
"Your app uses analytics
software to collect and send user or device data to a third party
without the user's consent. Apps must request explicit user consent and
provide a clear visual indication when recording, logging, or otherwise
making a record of user activity," Apple said in the email.
Apple gave the developer less than a day to remove the code and resubmit their
app or the app would be removed from the app store, the email said.
When asked if Glassbox was aware of the app store removals, a spokesperson
for Glassbox said that "the communication with Apple is through our
customers."
Glassbox is also available to Android app developers.
Google did not immediately comment on whether it would also ban the screen
recording code. Google Play also expressly prohibits apps from secretly
collecting device usage. "Apps must not hide or cloak tracking behavior
or attempt to mislead users about such functionality," the developer rules state. We'll update if and when we hear back.
It's the latest privacy debacle that has forced Apple to wade in to protect its customers after apps were caught misbehaving.
Last week, TechCrunch reported that Apple banned Facebook's "research" app that the social media giant paid teenagers to collect all of their data.
It followed another investigation by TechCrunch that revealed Facebook misused
its Apple-issued enterprise developer certificate to build and provide
apps for consumers outside Apple's App Store. Apple temporarily revoked
Facebook's enterprise developer certificate, knocking all of the
company's internal iOS apps offline for close to a day.