Apple has started informing app developers to remove or disclose their use of analytics code that allows them to record how a user interacts with their iPhone apps or face removal from the app store. This comes after major companies, like Expedia, Hollister, and Hotels.com were spotted using a third-party analytics tool to record every tap and swipe inside the app.
These apps do not ask for user permission and none of the companies said in their privacy policies that they were recording a user’s app activity. Data including passport numbers and credit card numbers were being leaked.
Glassbox is a cross-platform analytics tool that specializes in session replay technology. It allows companies to integrate their screen recording technology into their apps to replay how a user interacts with the apps to reduce app error rates. However, the company “doesn’t enforce its customers” to mention that they use Glassbox’s screen recording tools in their privacy policies.
App developers had already been notified that their apps don’t follow Apple’s policies and one app developer was told by Apple to remove code that recorded app activities, citing the company’s app store guidelines. Apple gave the developer less than a day to remove the code and resubmit their app or the app would be removed from the app store.
Apple, in an email to app developers, said:
Your app uses analytics software to collect and send user or device data to a third party without the user’s consent. Apps must request explicit user consent and provide a clear visual indication when recording, logging, or otherwise making a record of user activity.
In an email, an Apple spokesperson said:
Protecting user privacy is paramount in the Apple ecosystem. Our App Store Review Guidelines require that apps request explicit user consent and provide a clear visual indication when recording, logging, or otherwise making a record of user activity. We have notified the developers that are in violation of these strict privacy terms and guidelines, and will take immediate action if necessary,” the spokesperson added.