Quick Links

TechCrunch claims many iPhone apps "secretly record your screen." Is that true? Well, yes, kind of---but their recording abilities are limited. Apple is now cracking down on these apps and requiring more transparency, too.

An App Can Only Record Your Activity In the App

First, let's make this clear: iPhone and iPad apps can't record everything you do on your phone's screen. An app can only record what happens within the app itself.

In other words, even if an app is trying to record everything it can, it can only record the swipes, taps, and data you enter within that app. The Expedia app was one of the few singled out here. So, if you're using Expedia, the app can record everything you swipe, tap, and type into the Expedia app. But, after you leave the app, it can't see anything you do on your home screen or anything you type into another app. Apple's iOS operating system would prevent apps from recording your screen all the time, even if they wanted to.

The only person who can record everything on your screen is you---with the screen recording tool built into iPhones. Apps can't access that.

App Developers Are Monitoring Their Own Apps

Expedia app on iPhone

With that scary headline taken away, we can see what's going on: Apps from many major companies are monitoring what you do in the app itself.

It shouldn't be a huge surprise that this is possible. When you're using an app like Air Canada, Hollister, or Expedia, that app can monitor everything you tap and swipe in the app itself. It can monitor how many seconds you spend looking at a particular screen. It can even record text you type into that app. For example, if you type a credit card number into the app before changing your mind, deleting it, and typing a new credit card number, the app can capture that first credit card number. After all, you typed it in the app, and the app can monitor everything that happens in the app itself.

None of this is excusing the larger issue: That companies are doing this without clearly disclosing it to their customers. But you should be aware that, even if a company says it isn't doing this in its app, any app can monitor anything that happens inside itself and you have no way of knowing. Apple is now trying to stop this from happening without your knowledge, which should at least give some app developers pause.

Websites Do This, Too

This behavior isn't just restricted to iPhone apps. While you're visiting a website, anything you do on that website can be monitored. It often is, too.

Websites can see what you clicked on, how long you spent viewing an ad, and how much time you spent on different parts of the page. If you type information into a field on the website, a script running on the website can capture the text and send it off to its servers---even if you haven't pressed Enter or submitted the text.

For example, this is used in online chat support interfaces. The support people on the other end can often see exactly what you're typing, as you're typing it---even before you "send" the message. That's designed to help speed up the support experience.

As with apps on your iPhone, websites can only see what you do on the website itself. A tracking service might be able to track you across multiple websites if each website has chosen to embed the script. But a website you have open in one browser tab can't see what you're doing on your online banking website in another browser tab, or even that you have your online banking website open.

The Real News: Apps Are Recording Your "Session"

Glassbox software panel
Glassbox

The real news here is that app developers are monitoring your usage of their apps in very detailed ways.

TechCrunch covered apps that use the "Glassbox" software app developers can embed in their apps. It uses "session replay" technology that lets a developer record and capture everything you do in the app. This includes everything you tap, swipe, and type in the app. The developer can "play back" your usage of the app, which is particularly useful if you encountered a problem. They could also use this data in aggregate to see how people are using the app and which features they're using.

As TechCrunch notes, The App Analyst recently demonstrates that Air Canada wasn't properly "masking" session replays, exposing credit card details and passport numbers to people who replayed the session. Air Canada employees with the session data could potentially see your private information. That's bad, but the threat is restricted to employees at the company you're already sharing data with.

Apple Will Require Transparency

Apps haven't been up-front about this data collection. Apps don't let you know that they're doing this in their privacy policies, much less that app itself! But, let's be honest: Even if apps warned you in their privacy policies, would you even notice? No one actually reads those.

Apple has now taken notice and will require apps to get user permission before collecting this type of data. "Apps must request explicit user consent and provide a clear visual indication when recording, logging, or otherwise making a record of user activity," Apple said in an email to TechCrunch.

So Are Apps Really Recording What You Do?

Some apps have been recording what you do, but only within that specific app. Expedia can record what you do in the Expedia app, for example---but that's it. Even if private data isn't properly protected and people could see it, the threat is limited to employees of the company that built the app.

Apple is stepping in and requiring developers to be less secretive about this particular type of tracking. But apps will still monitor many of the things you can do inside them, even if they have to request permission first. It's more likely that developers simply won't collect as much data. Maybe they won't be able to "play back" your session, but they'll probably still know what features you're using.

Heck, by default, even Apple's iOS operating system itself collects information about your "usage" and sends this information to Apple. This is fairly common. The big news here is that apps were being secretive about it and collecting more data than normal.