Submitted via IRC for SoyCow1984
Apple to developers: disclose screen recording or get booted from App Store
Apple has begun notifying developers who use screen-recording code in their apps to either properly disclose it to users or remove it entirely if they want to keep their apps in the App Store. The move comes after a TechCrunch report showed that many apps do not disclose such activity to users at all, and some sensitive user data has been compromised through screen recordings.
"Protecting user privacy is paramount in the Apple ecosystem," an Apple spokesperson told TechCrunch. "Our App Store Review Guidelines require that apps request explicit user consent and provide a clear visual indication when recording, logging, or otherwise making a record of user activity."
The initial report highlighted third-party analytics code used by Air Canada, Expedia, Hotels.com, Hollister and other companies in their mobile apps that allows them to record the screens of users while they navigate the app. These "session replays" are designed to help developers work out kinks, make informed UI decisions, and better inform them on how users are interacting with their apps in general.
However, many apps do not tell users that their activity is being monitored by screen-recording code. Also, some session replays reportedly compromised sensitive user information. While they are designed to mask such data, TechCrunch reported that Air Canada's app was not properly masking information such as users' passport and credit card numbers.
(Score: 5, Interesting) by ledow on Sunday February 10 2019, @07:41PM (3 children)
You mean that their super-duper "code review" process can't detect this?!
(Of course it can't. If you don't want people recording the screen, do NOT provide them with access to the screen memory except for what they need to draw their app - i.e. precisely nothing but an app-specific surface)
There are two legitimate reasons to record the screen, on an OS which supposedly isolates all the apps from each other - to take a screenshot, or to record a screen recording for training purposes etc. It could literally be a specific permission that is *not* turned on for any apps at all, and the user has to switch it on. Then "finding" such apps is a cinch - anything that requests screen access.
If you had half a brain or a truly secure OS, those capabilities would have to be declared at install time, and could be "emulated" if the user so chooses (i.e. "I deny that access, so make it think it's recording the screen and just supplying a blank image to the program when it asks"). Without the install-time declaration, they don't get access to the API. Without access to the API, they can't record the screen. And then "finding" these apps is literally searching the app store for all those that request that permission.
Apple, screwing the user over again, putting a polish on poor security and terrible user interaction.
And the Facebook app literally installed a certificate to intercept SSL sessions, a trick common among thousands and thousands of rubbish free games - install a security profile, make the user sign-in, take control of the entire device permanently, even after app-removal.
(Score: 0) by Anonymous Coward on Sunday February 10 2019, @08:06PM
You're leaving for good? This is a good thing. I was getting tired of your loose testes anyway.
(Score: 3, Insightful) by corey on Sunday February 10 2019, @08:20PM (1 child)
While I agree with your sentiment and points generally, is Android better? I sense not, it always seems behind in security and privacy. I'm an Android user from the start too.
Does anyone believe these gestures by Apple regarding user privacy? Including refusing (publicly) to open that dude's phone to the FBI. Especially in that instance, my conspiracy side thought it was public perception management and secretly they did whatever the feds wanted. I guess because Apple is so brand focused, they go to great lengths to protect it.
(Score: 1, Interesting) by Anonymous Coward on Sunday February 10 2019, @09:45PM
No, I don't believe Apple, obviously they knew about apps being able to record full screens, obviously the FBI request was bullshit since they went ahead and got the data off the phone. Why lie and pretend innocence? Apple sold their phones as respecting privacy and being the "smart" option. Just witness the trend of social superiority for owning the latest iclone.
So Apple's impervious security was not so, and they gave app devs the ability to record the full screen and only now require they divulge such info???? Pleeeease. Just the fancy shiny turtleneckers lying to consumers as usual. Open hardware, open software. Not a guarantee of security but at least it will be possible to have some level of confidence.