Apple Tells App Developers to Disclose or Remove Screen Recording Code

Apple Tells App Developers to Disclose or Remove Screen Recording Code

Apple is telling app developers to either remove or properly disclose to users their use of code that allows them to record the way a user interacts with their iPhone apps—or face removal from the app store.

Apple is telling app developers to either remove or properly disclose to users their use of code that allows them to record the way a user interacts with their iPhone apps—or face removal from the app store, TechCrunch reports.

The news follows a TechCrunch investigation that found major companies were using a third-party analytics tool to record users’ every tap and swipe within the app. They found that none of the apps they tested asked permission from users and none of the companies disclosed in their privacy policies that a user’s app activity would be recorded.

Sensitive data is supposed to be masked, but TC reports that data like passport information and credit card numbers was leaking.

Glassbox is a cross-platform analytics tool specializing in session replay technology. It lets companies integrate its screen recording tech into their apps to replay the way a user interacts with the app, but Glassbox “doesn’t enforce its customers” to disclose in their privacy policies that they use the screen recording tool.

However, Apple specifically bans apps that covertly collect user data without permission.

In an email, an Apple spokesperson said, “Protecting user privacy is paramount in the Apple ecosystem. Our App Store Review Guidelines require that apps request explicit user consent and provide a clear visual indication when recording, logging, or otherwise making a record of user activity.”

“We have notified the developers that are in violation of these strict privacy terms and guidelines, and will take immediate action if necessary,” the spokesperson said.

TechCrunch heard from multiple app developers who had been notified by Apple that their apps were breaking Apple’s app store guidelines.

At least one app developer was told by Apple to remove code that recorded activity in the app, via an email that said, “Your app uses analytics software to collect and send user or device data to a third party without the user’s consent. Apps must request explicit user consent and provide a clear visual indication when recording, logging, or otherwise making a record of user activity.”

The developer was given less than a day to remove the code and resubmit their app or else face removal from the app store, according to the email.

Glassbox can also be used by Android app developers, but Google has not commented on whether it would also ban the screen recording code.

About the Author

Jessica Davis is the Associate Content Editor for 1105 Media.

Featured

  • Report: 1 in 3 Easily Exploitable Vulnerabilities Found on Cloud Assets

    CyCognito recently released new research highlighting critical security vulnerabilities across cloud-hosted assets, revealing that one in three easily exploitable vulnerabilities or misconfigurations are found on cloud assets. As organizations increasingly shift to multi-cloud strategies, the findings underscore significant security gaps that could provide attackers with potential footholds into networks. Read Now

  • Built for Today, Ready for Tomorrow

    Selecting the right VMS is critical for any organization that depends on video surveillance to ensure safety, security and operational efficiency. While many organizations focus on immediate needs such as budget and deployment size, let us review some of the long-term considerations that can significantly impact a VMS's utility and flexibility. Read Now

  • Paving the Way to Smart Buildings

    In today's rapidly evolving security landscape, the convergence of on-prem, edge and cloud technologies are critical. The physical security landscape is undergoing a profound transformation, driven by the rapid digitalization of buildings and the evolving needs of modern organizations. As the buildings sector pivots towards smart, AI and data-driven operations, the integration of both edge and cloud technology has become crucial. Read Now

  • The Cybersecurity Time Bomb

    If you work in physical security, you have probably seen it: a camera, access control system, or intrusion detection device installed years ago, humming along without a single update. It is a common scenario that security professionals have come to accept as "normal." But here is the reality: this mindset is actively putting organizations at risk. Read Now

  • Deploying in a Hybrid, Cloud Environment

    The way organizations manage access control is evolving. Traditional on-premises systems come with high IT and server requirements. At the same time, fully cloud-based solutions may not meet the needs of every facility. Read Now

New Products

  • Compact IP Video Intercom

    Viking’s X-205 Series of intercoms provide HD IP video and two-way voice communication - all wrapped up in an attractive compact chassis.

  • EasyGate SPT and SPD

    EasyGate SPT SPD

    Security solutions do not have to be ordinary, let alone unattractive. Having renewed their best-selling speed gates, Cominfo has once again demonstrated their Art of Security philosophy in practice — and confirmed their position as an industry-leading manufacturers of premium speed gates and turnstiles.

  • Camden CV-7600 High Security Card Readers

    Camden CV-7600 High Security Card Readers

    Camden Door Controls has relaunched its CV-7600 card readers in response to growing market demand for a more secure alternative to standard proximity credentials that can be easily cloned. CV-7600 readers support MIFARE DESFire EV1 & EV2 encryption technology credentials, making them virtually clone-proof and highly secure.