Apple has warned app developers they must remove or disclose the presence of software that enables them to record the screen of iPhone users or face “immediate action”.
It comes in response to a report from website TechCrunch, which claims a number of apps were using third-party analytics software to record the taps and swipes of users inside their apps.
The report said none of the apps involved appeared to ask users for explicit permission to record screen activity or disclose their apps use such software.
Travel site Expedia and Abercrombie and Fitch subsidiary Hollister were among the apps named.
In a statement, Apple said: “Protecting user privacy is paramount in the Apple ecosystem.
“Our App Store review guidelines require that apps request explicit user consent and provide a clear visual indication when recording, logging or otherwise making a record of user activity.
“We have notified the developers that are in violation of these strict privacy terms and guidelines and will take immediate action if necessary.”
According to the report, software from customer experience analytics firm Glassbox was one tool used to carry out the recording technique, which is known as “session replaying”.
The report also claimed cyber security research had found screen masking – black boxes used to hide sensitive information such as credit card details entered into some apps – did not work in some cases when sending data back to an app’s own servers, potentially leaving personal data at risk.
In a statement, Glassbox said while it believed the report had raised “valid concerns”, it was “partial and doesn’t adequately convey” what the company does and the protections it puts in place.
“Glassbox and its customers are not interested in ‘spying’ on consumers,” the firm said.
“Our goals are to improve online customer experiences and to protect consumers from a compliance perspective.
“Since its inception, Glassbox has helped organisations improve millions of customer experiences by providing tools that record and analyse user activity on websites and apps.
“This information helps companies better understand how consumers are using their services, and where and why they are struggling.
“We are strong supporters of user privacy and security.”
It added: “Glassbox provides its customers with the tools to mask every element of personal data.
“We firmly believe that our customers should have clear policies in place so that consumers are aware that their data is being recorded – just as contact centres inform users that their calls are being recorded.”
In a statement, a spokeswoman for Expedia Group said: “We can confirm that Expedia Group brands are not actively using Glassbox services on any of our native applications for iOS or Android.
“On select Expedia Group brands native applications for Android, Glassbox exists from a prior proof of concept in the codebase but it has been disabled for some time and has not been actively capturing information.”
The incident comes in the wake of Facebook falling foul of Apple’s privacy policies.
Last week, Apple temporarily cut off Facebook’s access to its internal apps after it was discovered the social network had used a programme designed for internal app testing to distribute a market research app to members of the public who had agreed to let Facebook access all the data on their devices.
