A report from TechCrunch is making the rounds, and says that apps secretly record your screen without telling you. Here’s why that’s not a big deal.
Popular apps from airlines, travel sites, carriers, banks, etc., all record your screen. Let’s get one thing out of the way first: Because iOS apps are sandboxed, they are unable to record what you do in other parts of your iPhone. An app can only record the screen within that app.
I reached out to an iOS developer on Reddit. He/she had made a comment explaining the situation, but didn’t want their real name associated with their Reddit username. Nevertheless, the developer perspective is valuable:
They are not recording your screen in the sense you are thinking. Most analytics frameworks are recording your taps and swipes INSIDE, and ONLY INSIDE the app itself. They can’t record anything outside of that app.
Some frameworks like Appsee can indeed send recording of the apps, it does obfuscate any views with secure text entries, but if you have any custom components for that you have to make sure you are setting up the obfuscation yourself.
There are two sides you can view this from: as a developer and product manager, tools like Appsee, Firebase Analytics, etc provide incredible value for A/B testing, for seeing how your users interact with the app, to see which features are worth maintaining and what can be dropped. For users, yeah, it’s obtrusive but this should be very well specified in the ToS of your app.
Chances are, you have one more apps that perform this kind of analytics. And in the very worst case, someone is using a remote logging platform to log virtually everything you are typing in the app, and if it’s cloud hosted then maybe it is vulnerable to hacking and that will suck for everyone. So your best bet is using something like Charles Proxy to see what your apps are doing, if you truly care.
Something else: no one is using this to make money out of you (except the people who sell the platforms/frameworks themselves, this market is huge, all these tools are very expensive past their free tiers). Advertisers really don’t care about where you tap on app unless it’s ads and in said case you are dealing with something else.
Essentially, certain things wouldn’t be possible without recording the screen, like A/B testing. Developers and designers need to know how their users are interacting with their product so they can improve it.
The second issue is sensitive information like passwords and credit card data. The App Analyst told TechCrunch that data was “mostly obfuscated” but in some cases did see email addresses and postal codes. We have no idea whether data is properly obfuscated or not. And we don’t know whether the data—any user data—is properly encrypted. My guess is no.
So there are definitely real concerns about this, but it’s not a scandal, and screen recording isn’t an abuse of iOS.