████ sub likely contains entire articles and possibly more, and probably needs a trimmin' ████
Submitted via IRC for SoyCow1984
Apple has begun notifying [techcrunch.com] developers who use screen-recording code in their apps to either properly disclose it to users or remove it entirely if they want to keep their apps in the App Store. The move comes after a TechCrunch report [techcrunch.com] showed that many apps do not disclose such activity to users at all, and some sensitive user data has been compromised through screen recordings.
Apple revokes Facebook’s developer certificate over data-snooping app—Google could be next [arstechnica.com]"Protecting user privacy is paramount in the Apple ecosystem," an Apple spokesperson told TechCrunch. "Our App Store Review Guidelines require that apps request explicit user consent and provide a clear visual indication when recording, logging, or otherwise making a record of user activity."
The initial report highlighted third-party analytics code used by Air Canada, Expedia, Hotels.com, Hollister and other companies in their mobile apps that allows them to record the screens of users while they navigate the app. These "session replays" are designed to help developers work out kinks, make informed UI decisions, and better inform them on how users are interacting with their apps in general.
However, many apps do not tell users that their activity is being monitored by screen-recording code. Also, some session replays reportedly compromised sensitive user information. While they are designed to mask such data, TechCrunch reported that Air Canada's app was not properly masking information such as users' passport and credit card numbers.
In the cases cited in the original report, the analytics firm Glassbox provided the third-party code that allows apps to record every tap, swipe, and gesture that a user makes in an app. While the primary goal of the company's technology is to give developers more information about how users interact with an app, Glassbox "doesn't enforce" a policy that its customers disclose to app users that their activity will be recorded.
"Glassbox and its customers are not interested in ‘spying’ on consumers," Glassbox told The Verge in a statement [theverge.com]. "Our goals are to improve online customer experiences and to protect consumers from a compliance perspective... We are strong supporters of user privacy and security. Glassbox provides its customers with the tools to mask every element of personal data. We firmly believe that our customers should have clear policies in place so that consumers are aware that their data is being recorded—just as contact centers inform users that their calls are being recorded."
In contrast, Apple demands a certain level of disclosure from all app developers with programs in the App Store. Just last week, the iPhone maker revoked both Facebook's [arstechnica.com] and Google's [arstechnica.com] enterprise app certifications for distributing iOS apps outside of the app store to non-employees. Facebook and Google created "research" apps that they were using to obtain a ton of user information, including browsing history, app usage habits, and even message contents.
Apple's response to this screen-recording controversy shows that its primary concern isn't necessarily the analytics code itself but the disclosure to users that such technology is being used. By properly notifying users that such code is in place, it allows the users to decide whether or not they want to use the app in question.
According to TechCrunch's newest report, Apple began notifying developers who use screen-recording technology yesterday that they must properly disclose the feature or remove it entirely. Developers only have one day or so to follow Apple's instructions, and if they don't, their apps will be removed from the App Store until they do.