Slashdot Mirror
Apple Tells App Developers To Disclose Or Remove Screen Recording Code (techcrunch.com)
An anonymous reader quotes a report from TechCrunch: Apple is telling app developers to remove or properly disclose their use of analytics code that allows them to record how a user interacts with their iPhone apps -- or face removal from the app store, TechCrunch can confirm. In an email, an Apple spokesperson said: "Protecting user privacy is paramount in the Apple ecosystem. Our App Store Review Guidelines require that apps request explicit user consent and provide a clear visual indication when recording, logging, or otherwise making a record of user activity." "We have notified the developers that are in violation of these strict privacy terms and guidelines, and will take immediate action if necessary," the spokesperson added.
It follows an investigation by TechCrunch that revealed major companies, like Expedia, Hollister and Hotels.com, were using a third-party analytics tool to record every tap and swipe inside the app. We found that none of the apps we tested asked the user for permission, and none of the companies said in their privacy policies that they were recording a user's app activity. Even though sensitive data is supposed to be masked, some data -- like passport numbers and credit card numbers -- was leaking.
It follows an investigation by TechCrunch that revealed major companies, like Expedia, Hollister and Hotels.com, were using a third-party analytics tool to record every tap and swipe inside the app. We found that none of the apps we tested asked the user for permission, and none of the companies said in their privacy policies that they were recording a user's app activity. Even though sensitive data is supposed to be masked, some data -- like passport numbers and credit card numbers -- was leaking.
I'm an app developer and years ago, started with an app in the App Store and included one of those free analytics libraries. It's quite useful, you get the crash reports coming in as they occur in the field. At some point, I was very proud to have solved nearly all crashes.
Then I felt like people needed to be able to opt out. So I built a screen with a simple checkmark, and looked at their API to turn off data collection. Turns out, it's not there. To opt out as a user you needed to go to a web page, and fill in your email adres. I thought to myself, what? What the fucking what? How can you relate crash reports with an email address? Then I realized that's what free means. I should never have started with it.
Note: this was in 2012/2013, and as a starting iOS developer, I was pretty naive. First of all I should've built my own light weight crash reporter. Second of all, it should've been opt-in.
I've tried Localytics, Crashlytics and Flurry. They all have severe privacy problems in my opinion. I have simply removed them from my app, because I kept feeling bad for my users.
8 of 13 people found this answer helpful. Did you?