from ars technica
Apple has begun notifying developers who use screen-recording code in their apps to either properly disclose it to users or remove it entirely if they want to keep their apps in the App Store. The move comes after a TechCrunch report showed that many apps do not disclose such activity to users at all, and some sensitive user data has been compromised through screen recordings.”Protecting user privacy is paramount in the Apple ecosystem,” an Apple spokesperson told TechCrunch. “Our App Store Review Guidelines require that apps request explicit user consent and provide a clear visual indication when recording, logging, or otherwise making a record of user activity.”
The initial report highlighted third-party analytics code used by Air Canada, Expedia, Hotels.com, Hollister and other companies in their mobile apps that allows them to record the screens of users while they navigate the app. These “session replays” are designed to help developers work out kinks, make informed UI decisions, and better inform them on how users are interacting with their apps in general.
However, many apps do not tell users that their activity is being monitored by screen-recording code. Also, some session replays reportedly compromised sensitive user information. While they are designed to mask such data, TechCrunch reported that Air Canada’s app was not properly masking information such as users’ passport and credit card numbers.