Some iOS apps track every tap or swipe you make
Apple iPhone users might not be aware that some of the apps they use are recording each and every move that they make while using the app. Even worse, some of these apps appear to mask sensitive data but are actually recording credit card numbers, social security numbers, and other information that most people would prefer not to give out. According to Tech Crunch, apps from carriers, airlines, travel sites, banks and others don't tell you that they are doing this.
A company called Glassbox is one of a few companies that offer app and website developers technology that allows them to record the screen and watch how users navigated their app. By reviewing the taps and swipes made by an iPhone user while using an app, a developer can see if certain features of the interface failed to do the job they were designed to do. Glassbox posted a tweet recently that said, "Imagine if your website or mobile app could see exactly what your customers do in real time, and why they did it."
The App Analyst, who posts his analysis online about how apps collect user data, recently pointed out that the Air Canada iOS app uses Glassbox. The technology is used to capture numerous screenshots during a user's session with the app. Even though Glassbox allows developers to have sensitive fields blacked out so that the screenshots they take don't reveal any personal information, it turns out that some of the screenshots captured by the Air Canada app do show some of this personal data.
When creating a new account, or resetting a password on the Air Canada app, the screenshots taken by the app do reveal a user's password quite clearly. According to The App Analyst, if either Air Canada or Glassbox were to save the passwords that can be seen via these screenshots, the pair would be going against industry standards. Consider that last August, Air Canada had a data breach that affected 20,000 users of its app. Talking about screenshots that reveal personal info, The App Analyst says, "Since this data is often sent back to Glassbox servers I wouldn’t be shocked if they have already had instances of them capturing sensitive banking information and passwords."