Hacker News new | more | comments | ask | show | jobs | submit login
Many popular iPhone apps are recording user sessions without asking (techcrunch.com)
270 points by samaysharma 16 days ago | hide | past | web | favorite | 120 comments



A lot of people here are commenting that its no big deal that organizations are recording every screen, tap and swipe for their own apps. There are two problems with that:

1. As the article mentions, in some cases these apps end up leaking sensitive data like credit card detail and passwords. Generally, if you are taking snapshots of the user's screen instead of sending text metrics, it becomes much harder to mask sensitive data at all times.

2. The bigger issue is that these services generally use third parties to record this, and their privacy policy is a big problem. For example, Glassbox explicitly mentions that it will share end user personal data with their "enterprise" clients (which I am guessing are basically ad companies):

> From time to time, GLASSBOX grants certain of its enterprise clients a license or other rights to GLASSBOX’s proprietary software products and solutions (the “GLASSBOX Solutions”). Through their use of these GLASSBOX Solutions and/or through other means, enterprise clients of GLASSBOX may get access to, collect and use: (i) End User non-personally identifiable information; and (ii) End User Personal Data.

> There are also times when we will combine such information with additional non-personal or de-identified information we obtain from other companies as well as End User Personal Data, in order for our enterprise clients to market directly to a certain person subject to requirements of applicable law. We typically analyze this information and organize it into user groups and audiences, based on factors such as age, gender, geography, interests and online actions. We and our enterprise clients then use these user groups and audiences, along with information about the possible relationships among different browsers and devices, to design and deliver customized advertising campaigns or other relevant content.

https://www.glassboxdigital.com/privacy-policy/


Are any of these apps used in the EU? If there’s no user consent for this privacy policy it strikes me that this isn’t GDPR compliant and these guys are just waiting to get fined. I wonder if they can get it around it by having their clients (Hotels.com, etc) essentially proxy this consent through their own privacy policies.


GDPR covers personal data. It is not universal magic dust for punishing everything you dislike.

Movement of your finger on the screen is not personal data. Screenshots most of the time aren’t either.


I’m not sure how that’s true when the article mentions that they’re leaking users’ personal data like credit cards and so forth. Also it seems Apple just released a “cease and desist” due to privacy on this front.


I'm seeing lots of "but this is super helpful to improve UI flow, and normally isn't nefarious!"

Well, as long as the app 1. lets me know and 2. lets me choose whether to have this feature on or not, I don't have a problem with an app recording my usage of it in order to improve UI flow or what have you.

The issue here is that 1. sensitive data is being transmitted via automated screenshots and 2. the users are not even being made aware of this fact, let alone being given a choice.


> lets me choose whether to have this feature on or not

And that's why UX is optimized for people who don't care about privacy :)


Seems like a useful testing feature that ought only to be allowed on testing versions -- the ones for which there are already different rules & different certificates.


Options aren't good enough, the fact the code is even in there is scary and there's nothing to gurantee your selection is being respected. No telemetry code and open source to prove it is the only kind of software anyone should be installing. I'm starting to think distributing software like this should be akin to wire tapping.


If you run someone's software on your device, you are giving them a huge amount of trust. So many privacy and security concerns stem from people hoping this weren't true.


One of the reasons why I switched from iPhone to Android is the firewall.

On my jailbroken i-devices (all of them) I was always installing "Firewall IP", and when an app was running, for any connection not previously (or globally - meaning rule applies for all apps) approved I would get a pop-up message (screenshot of an earlier iOS Firewall IP)[1].

Now with the jailbreaks being less efficient, and the Firewall IP app not been updated for a few years, I switched to Android and I am using "NoRoot Firewall" [2] for the same exactly purpose. I globally block all FB, ads, trackers

There is always the extra option for rooter/jailbroken phones to block things on the hosts file using host file selections from someonewhocares.org [3].

[1]: https://rdsbc.files.wordpress.com/2011/03/wall1.png

[2]: https://lh3.ggpht.com/fXRZfgSmArBemdjABjUDu0ibP9Gis3GV5YXTVj...

[3]: https://someonewhocares.org/hosts/


I think for most users Apple does a good job protecting them, but this is definitely one significant area of weakness for the platform. There are ways to implement similar controls using a VPN service[0], but of course then you need to trust the VPN operator.

[0]https://techcrunch.com/2018/10/24/smart-firewall-guardian-ip...


One could easily host their own VPN and trust only themselves.

You could further connect to a vpn service if you wanted anonymity, although that would of course require trusting them.


> easily

it's a lot more difficult/leaky, for example it's not possible to block a certain app from accessing the internet;

Sure, you can gather all the domains it connects to and block those, but those domains and/or ip addresses can change over time. And when they do, you will not notice, and the app will be able to access the internet until maybe one day you notice and start blocking the new domains/ip addresses.


Apple projects an aura of protection, and most of the protection it does really well, is of the bottom line, by crippling W3C compliance on Safari, and pushing devs and users to it's app store


My favourites are:

- Blokada (https://blokada.org/): Does DNS-based blocking, good for blocking ads/trackers generally

- NetGuard (https://www.netguard.me/): With Pro, has traffic logging and the ability to filter by address or app. My approach for most apps is to disable all access then selectively whitelist as necessary to make it functional again.


For Samsung, there are Knox based options (I recommend adhell3) for host file style blocking that don't require root or vpn.


The firewall would block the Glassbox IPs, but I can't see this doing any good for the apps that use this technique and don't use a third party like Glassbox to collect the data.


One annoyance is that SafetyNet pretty much prevents using Google Pay on a rooted or modified device.


Quoting https://forum.xda-developers.com/apps/magisk/official-magisk...: "Installing Magisk will give you ROOT, a super powerful Systemless Interface, Magisk Modules support, and hide from tons of integrity tests like SafetyNet!"

My Pixel 2 is rooted with Magisk, and passes Safetynet. I use Google Pay all the time.


I’ve worked with a similar library before: appsee. While it does have a little bit of value in helping trace crash reports and provide heat maps, we ultimately got rid of it and for the better. It can be hard to find and “cover up” every single place where sensitive information can be displayed. That’s really up to the developer to manually do most of it, though some of it is done automatically (e.g. password fields). Even the most well intentioned developer can miss out on a label that shows th user’s email or a text field with address data. And that’s just the developers who know about this challenge and try to do something about it. I’d venture many don’t. Just as bad is the performance hit. Taking screenshots utilizes the main thread (no way around it) and it just kills any attempts at making buttery smooth animations throughout the app. Suffice to say, such libraries are just not worth it for the perceived value they allegedly provide.


A two/three years ago I noticed that inspectlet (similar tech for the web) was happily sending the passwords in clear text to their servers, even though on their website they mentioned that passwords are never sent. I sent them an email and they eventually fixed it, but I wonder how many passwords and credit card CVC data did they collect before that?


A few years ago I was doing a security audit on a site and found this very problem. The marketing department had access to the Google Tag Manager account and added several (!) almost identical user tracking plug-ins. They were capturing all form fields, including credit card numbers, passwords, etc...

The documentation talked about how to block this capture but that involved a developer getting involved and the developers didn't even know about the plug-in.

Basically, don't add a third party service to any app or website without doing a secuity review, especially if marketing, product or UX have suggested it!


That's why it's good to separate the marketing website from the main product to different domains. When you can.

* www.mydomain.com - install Google Tag Manager, let the marketing people go crazy

* app.mydomain.com - all tracking request has to go through a developer

That works well for SaaS type of products. Not so well for online stores where you want everything integrated.


> * www.mydomain.com - install Google Tag Manager, let the marketing people go crazy

Even there, that's dangerous. Most marketing people are not trained in legal matters and install all kinds of shit with dubious legality. In addition the tons of trackers on websites make the user experience really slow. Approval by legal and tech should be the standard process, not "marketing has free rein to fuck over the company due to messing up GDPR compliance".


I think that you should go one further - and do periodical or continuous security reviews of the third party services you're using on your app or website.

You're reliant on them behaving in the same manner consistently, and behaving ethically when they change their service's behaviour.


And legal.


But as long as the site's using HTTPS you have nothing to worry about, right? /s


Why does this article specifically single out iPhones? This happens on all platforms, even web apps.


Apple has enough of a history responding to things like this to make publishing an article about bad app behavior on iPhones a plausible way to bring it to an end. If your goal is to change app store policies, including Android phones is just going to dilute the possibility that Apple responds to an iPhone article for no additional gain because Google is unlikely to do anything.


"Apple tells app developers to disclose or remove screen recording code"

You win a medal!


A fair point!


Is it singling out Apple or did they just hear about it happening on Apple and decide to write that up? Sure they could have investigated to see if it happens on other platforms, but you gotta get the story out there fast otherwise someone else will.


I guess I'm not SUPER concerned about a given app reporting on what I do in that app back to the publisher. It might even be possible to convince me it's a reasonable way to figure out what the app does well and what it needs to improve.

We could never get away with doing this for our (Windows) app, but sometimes I have conversations with people in my user base and I really, really wish I had some idea of how they got into some $random_weird_state.

But yeah, it oughta be in the T&C if nothing else.


Not sure how long it's been there, but found this in Inspectlet's terms of service:

7. Disclosure. As soon as you begin to use Our Service, You agree to add a disclosure to either Your terms of use, user agreement and/or privacy policy to inform Your end-users and customers of Inspectlet’s access to their Personal Information through Your website, and adding a link to Our Privacy Policy which governs Our use of all such Personal Information accessed by Inspectlet through Your website or through Your use of Our Services.


Acquiring end-user telemetry by recording inputs and sending them to the app developer is not great especially if they don't ask for your permission.

This is quite different than the sensational headline. update: fixed wording


Telemetry implies capturing data in the form of measurements. Stuff like "touchscreen swipe: element, location, and duration". A click heat-map would be an example of telemetry.

This isn't the same thing. This is an actual recording of a user's entire session. While it doesn't capture a rendered image like a "screen recorder" would do, it captures every change in real-time, so it can play it back perfectly, and the end result is the same: you can watch a video of your user's session.

And I can personally confirm that people definitely stand around the water cooler and talk about the stuff they watched. It's creepy.


Reminds me of this research from Princeton, on the exfiltration of personal data via equivalent session-replay services for web:

https://freedom-to-tinker.com/2017/11/15/no-boundaries-exfil...


Anyone have an idea for how to block this on your iphone? Perhaps content filtering glassboxdigital.com? Not sure if that would stop however it is that they're transmitting back to their servers.


Possibly... I might try using Charles Proxy mobile app to observe what domains data is being sent/received from, then on your home network use something like Pi-Hole to block those domains.


Does Charles (iOS) allow capturing traffic of any app launched? Is it like a "record" button for network traffic?


If you can monitor it via a web proxy, then you should be able to block it the same way.


Long ago a company I worked for had an iOS app and use some IBM product for the web version (Leaf? or something) and they forced us to use it in the app as well, it recorded the contents of each page basically (some fields were blanked out). It also crashed so much it was worthless. I never found it remotely useful to have such detailed info. Tagging service calls with a GUID was much more useful, as well as recording service errors and exceptions in Google Analytics. While we of course knew who the tag belonged to (after all they were our customer's orders) it was of no use to anyone listening in or watching the tags go by.


The problem with analytics is too much info or not enough info. At each employer, I usually do my best to get involved with the analytics portion of our applications. Apart from just finding it interesting, I also like to try and interject some sanity. I've seen managers walk in, puff our their chest and say, "Just collect everything. We'll sort through it here. Make it happen." After they walk out I engage everyone in conversation about that and try and let them know that we should actually be creating a list of questions we want answered and work from there. Collecting everything is almost always not the right idea.


So if I'm understanding this right, the big issue they have is that they're not telling the customers that they're doing it. Can't any website do exactly the same thing in recording every keystroke written into it without a customer knowing?

Does it really even matter if you're sending them your credit card details anyway?


> Does it really even matter if you're sending them your credit card details anyway?

But are you sending them this info? I thought a lot of sites used third-party payment processors precisely in order not to handle this data themselves (and be liable for mishandling).


I guess in an app they could screen record that transaction, but if they're only storing fields and values, this is outside of what they can capture.


This has been done for many years on the web. The first one I can recall was Hotjar, which offered both heat maps and session replay.

I have no comment regarding the ethical implications of this technology, but I can see why it is useful practically.


I was in charge of building this kind of product for another analytics company, this technology is called session replay, and it is used for many use cases, like : UX improvement/ support/ bug detections ...

Most of vendors record keyboard inputs and thus can record password as well as credit card information, there was an affair about it a few years ago [1]. To not have this issue, most of vendors provide a way to not record those information. It requires manual tagging of the website on the element that contains critical content.

But many of session replays vendors have many clients, and don't force or don't verify that all the critical information are masked. This is not GDPR compliant, because when the GDPR apply you need to consent of the user to record his PII, and you are not even allowed to record information like password, sexual orientation, credit card even if you have the consent.

Two things: - Nowadays on the web most of payment pages are not hosted on the client website, so those analytics tools are not included (but we still have many websites that don't use third party for that) - This data is not (most of the time) recorded in a structured way, data of inputs is recorded as some element of an HTML, and thus it is not super easy to extract the information at scale

[1] https://freedom-to-tinker.com/2018/02/26/no-boundaries-for-c...


> Many major companies, like Air Canada, Hollister and Expedia, are recording every tap and swipe you make on their iPhone apps. In most cases you won’t even realize it. And they don’t need to ask for permission.

The key phrases here are "recording every tap and swipe" and "on their iPhone apps". I'm not saying it is okay, but the sensationalist headline takes away from the real issue.


I've been seeing the same sensationalist language even in "respected" publications like the NYT lately. For example, they recently published a story where it was implied that because Spotify's Messenger plugin has standard read/write permissions (necessary to ensure basic functionality like sharing songs) that it could also actively monitor, store, and modify your private messages.

In smaller publications, some shoddy reporting can often be attributed to a lack of experience or resources. It's hard to find an excuse for larger publications with well-established editorial resources, however. These stories are presented under the guise of public interest, but in reality they seem increasingly driven by politics and sinister ulterior motives. The end result is the spread of misinformation and further public distrust of the media and technology as a whole.


I doubt the sinister / political motives - these headlines and articles are nothing more than to drive traffic / revenue.

Pick a popular company / product / service, find something that they could be doing, throw up an article suggesting that's what they could be doing but have the title inferring that it is what they are actually doing. Rinse / repeat.


I'm not going to get into the subjectivity of what is or is not "sinister", but there's a more fundamental issue with the pattern you've described. Increasingly often today headlines are defacto articles. They get shared on various social media outlets and then people start discussing the title, filling in the body themselves. When the title is 'fake', it leads to mass disinformation. This gets even worse when the title and lead paragraph say one thing and it's only later in the article that the more nuanced reality is revealed. In that case you not only mislead the 'titlers' but also the skimmers.

I imagine readers on HN actually read articles at a vastly higher rate than e.g. Reddit or Facebook, yet on reading the comments it often becomes quickly apparent that many users, even here, do not bother reading articles before commenting on them. In an ideal world I wouldn't mind seeing misleading headlines put in the same bucket as false or misleading advertising. Of course in practice that'd be a terrible idea since this rule would simply be used for the powers that be to litigate against anything they don't like being published.


However!

This is what happens under capitalism when private news organizations are disrupted by the Internet.

The solution is a collaborative news site, we don’t need intrepid reporters going into war zones when everyone can record video on their phone. We don’t need biased clickbait news providing fodder for soial network algorithms to herd us into echo chambers. We need a place where people of all viewpoints meet and duke it out like Wikipedia but for news.

PS: wikinews in particular sucks though


There's a difference between the photos people take on a phone and the journalism that people like Tyler Hicks do. It's just not the same. Please show me a crowd sourced article that has this impact. https://www.nytimes.com/interactive/2018/10/20/world/middlee...


Wait, how is read/write permissions to messages (assuming that’s what you allude to) in any way necessary? On iOS at least, apps can’t even get access to your messages, and sharing works very well. I must misunderstand something.


No, they mean Facebook Messenger. The extension can be used for things like collaboratively creating a playlist with contacts in Messenger, sounds like that would require being able to read messages from Messenger and write messages to it.

https://support.spotify.com/is/using_spotify/playlists/group...


But you do agree that Spotify can read private messages, if it wants to. The news may not be clear about this, but we do need tighter permissions.


No, I don't.

https://newsroom.fb.com/news/2018/12/facebooks-messaging-par...

I don't want this to devolve into an argument of semantics, but given NYT's editorial resources there's no doubt they carefully scrutinized how the "read" and "write" would be interpreted by their readership in the context of a negative report about Facebook.


Well if Facebook say "nothing to see here" then I'll definitely take their word for it.


"Many popular iPhone apps record what you do with them" would be perfectly accurate and less sensationalist.

I saw the title and thought "so the app is recording what's on the screen... which on a phone, is going to be itself... that's not such a big deal." As much as I don't like this sort of telemetry, it is in no way the sort of security issue the title appears to be insinuating.


How is that not a major privacy and security issue? A screen recording of your session would expose passwords in many cases as the characters show up one at a time before being masked.


When an app records itself it only has access to passwords that it already has access to. The issues are (1) these recordings go to a separate company, not the app developer and (2) developers (should) know to treat passwords as sensitive data but they didn't think to treat these recordings the same way.


If its doing actual screen recording (is this even possible) then it presumably can record the password you type into the Google Oauth screen that the app pops open.


How exactly is it a surprise that an app has access to the contents of the framebuffer that it just generated?

I assume you are against their choice to send a log of their drawing commands in the form of images.


Another key paragraph is this one:

“This gives Air Canada employees — and anyone else capable of accessing the screenshot database — to see unencrypted credit card and password information,” he told TechCrunch.

The takeaway is that some companies are capturing things that they shouldn't be storing, and the article has exposed atleast one instance where this information has been sent to a third party without masking.

--

As a side note, I've always been afraid to use payment options within apps that redirect to bank logins or payment gateways and this only feeds my fears.

Even if you're making the payment through a trusted bank or a payment provider, these apps still probably intercept and store the information you gave your bank.


Could they lose PCI compliance then?


Probably not. PCI compliance is a joke. Target was certifies PCI compliant two weeks before their massive breach.


If they encrypt the screenshots the same way they do the stored details, probably not.


CCV isn't ever to be stored after transaction completion, encrypted or not.


I worked in this space and its definitly possible https://uxcam.com/ and https://appsee.com/ are other players in the space. They record the full screen by default. Much like fullstory for desktop.


A lot of companies and insurance in particular screen capture desktop applications as well.

This is so that should there be a dispute they have a screen shot of the forms presented and what details the customer provided. Payment screens would not be captured this way.


This. The only real issue is that the teams implementing this decided not to do a data security assessment and are violating PCI-DSS and similar by recording things that are supposed to be stored securely or not at all (ex. CCV).

Also, as I recall, banks legitimately "track" user interactions as a means of fraud detection.


Banks will also introduce imperfections into their UI, and correlate how you interact with it to determine if you're human.

Effectively an invisible captcha.


Hotjar invented this.

And some porn sites also ask for camera access.

I think you are measuring video engagement/scoring from your reactions to video using your facial expressions.

It's a very good approach for bypassing fake views.


"Record the screen" could be more precise. I assumed the article was saying apps were literally recording a video of the screen, complete with alert popups etc (like the Screen Recorder app).

I realize there isn't functionally much difference within an app. But unless I'm reading it incorrectly, it's not recording the screen it's just the UI of the app. That's not nothing, but I always assumed (sadly?) that a lot of apps have been doing that for years to hone their UX dark arts.


Yeah. An equally hysterical article could be written about web servers recording your IP address and what page you visited.

Maybe this is a bit much, but developers do need some data as to how their app is performing in the real world. You might have some metrics that says 0% of visitors to your order checkout page on FooPhone 1.0 are completing orders successfully. With a screenshot, you can immediately see that that screen doesn't even work on that device. It doesn't sound like a tragic loss of privacy to me, but rather an important tool for developers to help smooth over the reality of massive device incompatibility.


It’s a trust issue. Until we have a proper reckoning about privacy in the US, much of the trust in software is predicated on ignorance. There’s minimal outrage because people don’t know that the app is recording their every swipe and typed word (even if deleted before sending a la Facebook).


It is all good until you start sending credit card details and all other personal and sensitive information without even asking user about it.

As a user, I don't care at all if it makes dev's life easier. I bought the app and don't want my personal info to be leaked.


So, we're supposed to trust the application's main process to accept a credit card securely, but not trust their system which tracks UX?

It might be one more place to screw up, but so is just having more actions your app can do.

I'm not sure I see any difference between an app recording all I traction within it (for single purpose apps, but not browsers) and a store video recording everything in it.


> So, we're supposed to trust the application's main process to accept a credit card securely, but not trust their system which tracks UX?

Correct. The payment code is usually gone over with a comb for PCI compliance (or completely outsourced to someone like Stripe), whereas the UX tracking is much less so. It's also a common enough issue that stuff like credit cards or API codes end up leaking into logs.


PCI compliance covers all aspects of credit card numbers and how they are collected, transmitted and stored. There's no reason to believe a company you can't trust to either not grab it or transmit it or store it for UX metrics non-compliantly will take care to do so in a compliant manner otherwise for normal operations. Either they take care with important data or they don't, and for this measurement "assume it's taken care of because they offload it to some other company" doesn't really count as taking care and absolve them of the responsibility, as I'm sure a lot of developers convince themselves it does.

That said, my point isn't necessarily that you should trust apps gathering UX metrics more, but that you should probably trust all apps quite a bit less, whether they track user actions or not.


Nope, this kinda thing should be limited to opt-in beta testing.


The real take away is that they’re sending all text typed in, including credit card and social security numbers, unencrypted to a third party.


Source? This would probably fail some compliances audit.

Most of these kind of tools (ie:HotJar) have a flag that will prevent theses data from being sent.


> In the case of Air Canada’s app, although the fields are masked, the masking didn’t always stick


> Apps like Abercrombie & Fitch, Hotels.com and Singapore Airlines also use Glassbox, a customer experience analytics firm, one of a handful of companies that allows developers to embed “session replay” technology into their apps.

> These session replays let app developers record the screen and play them back to see how its users interacted with the app to figure out if something didn’t work or if there was an error. Every tap, button push and keyboard entry is recorded — effectively screenshotted — and sent back to the app developers.


> effectively screenshotted

IMHO that is deceptive. System alerts, notifications, etc are presented in a protect system context the application can't see so there is in fact a very big difference between recording button taps and "screenshott[ing]".


This is horrible reporting if by “record” they mean “log meta data like swipe coordinates and recreate it.” That is not the same as record.


> This is horrible reporting if by “record” they mean “log meta data like swipe coordinates and recreate it.” That is not the same as record.

Is there much of a practical difference here? Employees at the company can essentially watch a video-like recreation of how you went through and used their app. This includes details that you might not expect such as which email you typed into a field before backspacing and choosing another to sign up with.

I want to believe that a product owner at companies like Tinder aren't watching videos of me sexting someone to "learn how we can improve the user experience". If the response is then to say "don't use Tinder!", start considering the alternatives - you end up having to trust someone, or do nothing digitally.


> Is there much of a practical difference here?

Yes, because an app provider can know a dozen different ways what they're showing you already, but nothing else on your system. There is a world of difference between Tinder knowing i dismissed an incoming text alert because I swiped up at the top of the screen and knowing what the content of that text message was, to use your example. Tinder can already log the content of the messages you send in their platform,


sensationalist bs. how is ability to watch a screen recording of you using their app and typing in your credit card into THEIR app is different from the same app developer just pulling up your credit card info from their database? if you give the info to the app, the app owner will see your info. as discussed as that. the fact that its in a form of screen recording doesn't make it scary or dangerous.


Well, one extremely important difference is that I might trust company X in part because they will want to preserve their brand but not trust poorly-run user-analytics company Y that a part of X uses which will give X plausible deniability for responsibility.

The other is that PCI helps mitigate their handling on the CC side but those user analytics companies aren't part of that.


yeah, actually good point. in cases when customer didnt trust the merchant enough with their financial data and used paypal or whatever but the shitty merchant still saw everything. definitely not compliant.


Watching users via tracking and telemetry is very useful in order to learn about your users. But I also think it's also unethical. With the mindset that users are "lemings" ¹ where your job as a developer is to optimize profits from these "dumb fucks"².

1: https://en.wikipedia.org/wiki/Lemmings_(video_game) 2: https://en.wikiquote.org/wiki/Mark_Zuckerberg


Screen recording apps are fine if you want to go over how a small group of people use your website however the data is hard to analyse.

Plain old Google Analytics is a bigger deal when you think about it. Anyone that has this configured half decently where the IDs are provided by some backend server really has got the low down on how you use the website. Every aspect of 'engagement' can be recorded and reports made that don't entail watching through untold hours of 'user engagement'.

It is a bit like spying in the modern age. In the olden days any intelligence agency could throw resources at tracking one individual of interest. However if you need a team of twenty people to stalk someone then getting the budget can be hard. They would have to be the 'Chairman of the Communist Leadership' or the leader of a striking union for that to be approved. In the modern era we all know how NSA et al. do it, surveillance on everyone and able to do a report on anyone deemed 'Communist' (or whatever).

It isn't the 'everything on screen' you need to worry about as nobody except an intern is going to be looking at that. It is the half decent Google Analytics setups that are a far greater concern if you are terrified of marketing people. Yet nobody bats an eyelid to Google Analytics, the cookie notices say it is mostly harmless and just there for your own good.

Luckily though very few companies are really that competent at Google Analytics. They may have people adding ever more bloat to Google Tag Manager for this to feed various things such as affiliate marketing schemes, however the people doing SEO are rarely familiar with web development and, not understanding the 'problem space', don't realise the possibilities.


Users are very bad at describing what they did when an app crashed. Recording application state and logging it is a wonderful aid to debugging. I did this routinely when deploying in-house applications.


I’m not sure what gave you the idea that you don’t need permission. Why don’t we go ahead and put a camera in your bathroom in case the plumber ever needs to diagnose a leak?


The same applies to web applications. Fullstory (developed by ex Googlers) and others are in this market too, but I don’t see them monetizing what they get to parties outside of charging the app maker.


Maybe Apple should make this into a built-in iOS feature with proper privacy and data minimization.


Even when your app crashes, Apple gives you crash log and nothing else, so I don't see they providing a way to tag users more granularly than this.


But it's fine to allow third parties to do it?


Would be cool to see a non-TechCrunch link. TechCrunch shows blank pages on mobile for me



Ok. So what? Software and services have kept usage metrics and clickstream data for decades. They have privacy policies saying that they may collect data about how you use their product. This is that data. So, is this a surprise?

If you don't want Abercrombie to know which items you looked at, don't look at them on the Abercrombie app, or at the Abercrombie store, or on the Abercrombie website.


Abercrombie's data collection should start and end at the data I choose to send them, including the products I click on.

I do not expect Abercrombie to "see what I do in real time," including where I position my mouse on my screen, text I type and then choose to delete, my physical location, etc.


then goto the mall? except wait, probably tracked on security cam there nowadays + credit card transactions are tracked + tracking movement in the store using multiple wifi APs + tracking what you purchase internally.

the expectation of privacy when dealing with a business that can monetise the data about you in some way may be a dead thing already until the govt gets involved.


Its only dead because people choose to give up. If we don't fight it at every turn, we will keep on living in this dystopian future. The government will never step in to protect you as they want as much of this information as possible. We have already seen how politicians try to abuse any possible thing they can to get more power and/or win elections.

We need the engineers in the these companies to join the fight, refuse to install or add these features. If that impossible because there are many people who don't see this as a corrupt practice, then we need others to step up and help block and expose it.

Please don't give up on privacy or freedoms, that just dooms us more.


This is an explanation but definitely not a justification.


Replaying user behaviour is not a privacy issue. Pretty much every mobile/web app connected to the internet is doing this with varying granularity.

AFAIK it's a pretty standard practice in UX and product design. A&F might have analysed hours of your finger gesture activity, but I doubt they're gonna know what brand of toilet paper you wiped with this morning.


> Replaying user behaviour is not a privacy issue

This is a problem with the Silicon Valley bubble. Just because everyone else is in your shit pile doesn’t mean it doesn’t stink. You just can’t smell it.


> Replaying user behaviour is not a privacy issue. Pretty much every mobile/web app connected to the internet is doing this with varying granularity.

All I hear is that every mobile/web app connected to the internet has significant privacy issues.

Where I point my mouse is my business dammit.


I would rather not having an app sending screenshots of the screen / record taps while I input my CC number.

Nor of any alerts / notifications that are unrelated to the app itself.

So I'd say it can be quite a privacy issue.


I agree that sensitive data should be handled much better, but - at least in a webapp - they don't capture screenshots, they just only capture mouse movements, clicks and scrolling and then rerender that on the html.


Many of these companies (e.g. FullStory, Hotjar) obfuscate all input fields for exactly this reason.


I’m sorry but they don’t, at least in a sensible defaults, easy/reliable way. Unless they’ve changed recently. We did extensive testing and found it was up to the end user implementing the integrations, and their regard for this topic/privacy.


“Videotaping your screen is not a privacy issue”

Hmm.


Funny how it's not a privacy issue for Apple devices, but triggers hundreds of posts of rage and ranting for Google devices.

Corporate cheerleading at its finest.

[Having hundreds of SV companies offer products that track user behaviour in iOS/Android/Web apps is of course a huge privacy concern, since that can very accurately profile you as a person.]


Just because everyone does it doesn't make it right!


People that complain about this stuff obviously have never launched an app before. If you don't record what people are doing with your app, then you're not going to have any idea if anyone is actually using it, or if it is any good, or if there is anything you need to fix.


> If you don't record what people are doing with your app, then you're not going to have any idea if anyone is actually using it, or if it is any good, or if there is anything you need to fix.

There are other ways to get information as to what to fix, and I have no need to know what people are doing in my app.




Applications are open for YC Summer 2019

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: