” Imagine if your website or mobile application could see exactly what customers are doing in real time, and the reasons why they are doing what they are doing “. This is how Glassbox , a development kit created by the company that is leading a debate following a recent TechCrunch article, was promoted on Twitter .
It is not controversial that applications use kits like this one from Glassbox to obtain user metrics, of course. The problem comes when this kit records the screen and even the touches and gestures we make on it without our consent . Applications like Expedia, Air Canada, Hotels.com, Singapore Airlines or Abercrombie & Fitch have used Glassbox tools to do just that.
At AppleI downloaded all the data Apple has on me and this is what I found
Our permission is the first thing to consider
Our Xataka colleagues have also echoed the news: some of these applications would not even be protecting such sensitive data as recordings from our iPhone screens or what we type on the keyboard. This means that the text we have written, including passwords or credit card information, is completely vulnerable to man-in-the-middle attacks, which can intercept communications between a mobile application and the servers it depends on.
What is particularly bad for Glassbox is that this feature of its tools does not appear anywhere in its terms of service , so everything is done without users’ express permission. You can see the result in the video I included above: entire user sessions, with their personal data, perfectly recorded.
On the application side, its developers are the ones who choose where to store that data. They can do this on Glassbox’s servers or on their own . And it has to be said: some have taken care to encrypt all that data so that it cannot be intercepted so easily. But the example of Air Canada, where nothing is done, ends up in news stories like its recent security breach in which private data of 20,000 users was leaked.
What can we do to prevent the filtering of our data?
There is nothing we can do, apart from uninstall the applications that integrate the Glassbox tools. The affected applications are mainly from airlines, travel or clothing, so we can always resort to using your website with some crawler blocker installed in the browser (or with alternative browsers like Brave).
At AppleRecommendations to keep your privacy safe on your iPhone this 2019 (without going crazy)
We insist: that applications (especially free ones) analyze our usage data is not unusual or bad. Developers have to live by something. The serious thing is when it is done secretly, without informing those users and also with the aggravating factor of not protecting that data. I wouldn’t be surprised if Apple’s reaction to this news is, logically, to prohibit the use of Glassbox tools until their responsible make a change of course. Since Cupertino they know perfectly well that privacy is one of the best assets of iOS and they will protect it by taking the necessary measures. Sandy, you have a job.