apple inc

Auto Added by WPeMatico

iFixit gives Fairphone 3 a perfect 10 for repairability

Here’s something the hermetically sealed iPhone can’t do: Score a perfect 10 for repairability.

Smartphone startup and social enterprise Fairphone’s latest repairable-by-design smartphone has done just that, getting 10/10 in an iFixit Teardown vs scores of just 6/10 for recent iPhone models.

The Fairphone 3, which was released in Europe last week with an RRP of €450, gets thumbs up across the board in iFixit’s hardware Teardown. It found all the internal modules to be easily accessible and replaceable — with only basic tools required to get at them (Fairphone includes a teeny screwdriver in the box). iFixit also lauds visual cues that help with disassembly and reassembly, and notes that repair guides and spare parts are available on Fairphone’s website.

iFixit’s sole quibble is that while most of the components inside the Fairphone 3’s modules are individually replaceable “some” are soldered on. A tiny blip that doesn’t detract from the 10/10 repairability score

Safe to say, such a score is the smartphone exception. The industry continues to encourage buyers to replace an entire device, via yearly upgrade, instead of enabling them to carry out minor repairs themselves — so they can extend the lifespan of their device and thereby shrink environmental impact.

Dutch startup Fairphone was set up to respond to the abject lack of sustainability in the electronics industry. The tiny company has been pioneering modularity for repairability for several years now, flying in the face of smartphone giants that are still routinely pumping out sealed tablets of metal and glass which often don’t even let buyers get at the battery to replace it themselves.

To wit: An iFixit Teardown of the Google Pixel rates battery replacement as “difficult” with a full 20 steps and between 1-2 hours required. (Whereas the Fairphone 3 battery can be accessed in seconds, by putting a fingernail under the plastic back plate to pop it off and lifting the battery out.)

The Fairphone 3 goes much further than offering a removable backplate for getting at the battery, though. The entire device has been designed so that its components are accessible and repairable.

So it’s not surprising to see it score a perfect 10 (the startup’s first modular device, Fairphone 2, was also scored 10/10 by iFixit). But it is strong, continued external validation for the Fairphone’s designed-for-repairability claim.

It’s an odd situation in many respects. In years past replacement batteries were the norm for smartphones, before the cult of slimming touchscreen slabs arrived to glue phone innards together. Largely a consequence of hardware business models geared towards profiting from pushing for clockwork yearly upgrades cycle — and slimmer hardware is one way to get buyers coveting your next device.

But it’s getting harder and harder to flog the same old hardware horse because smartphones have got so similarly powerful and capable there’s precious little room for substantial annual enhancements.

Hence iPhone maker Apple’s increasing focus on services. A shift that’s sadly not been accompanied by a rethink of Cupertino’s baked in hostility towards hardware repairability. (It still prefers, for example, to encourage iPhone owners to trade in their device for a full upgrade.)

At Apple’s 2019 new product announcement event yesterday — where the company took the wraps off another clutch of user-sealed smartphones (aka: iPhone 11 and iPhone 11 Pro) — there was even a new financing offer to encourage iPhone users to trade in their old models and grab the new ones. ‘Look, we’re making it more affordable to upgrade!’ was the message.

Meanwhile, the only attention paid to sustainability — during some 1.5 hours of keynotes — was a slide which passed briefly behind marketing chief Phil Schiller towards the end of his turn on stage puffing up the iPhone updates, encouraging him to pause for thought.

Apple 2019 event

“iPhone 11 Pro and iPhone 11 are made to be designed free from these harmful materials and of course to reduce their impact on the environment,” he said in front of a list of some toxic materials that are definitely not in the iPhones.

Stuck at the bottom of this list were a couple of detail-free claims that the iPhones are produced via a “low-carbon process” and are “highly recyclable”. (The latter presumably a reference to how Apple handles full device trade-ins. But as anyone who knows about sustainability will tell you, sustained use is far preferable to premature recycling…)

“This is so important to us. That’s why I bring it up every time. I want to keep pushing the boundaries of this,” Schiller added, before pressing the clicker to move on to the next piece of marketing fodder. Blink and you’d have missed it.

If Apple truly wants to push the boundaries on sustainability — and not just pay glossy lip-service to reducing environmental impact for marketing purposes while simultaneously encouraging annual upgrades — it has a very long way to go indeed.

As for repairability, the latest and greatest iPhones clearly won’t hold a candle to the Fairphone.

Powered by WPeMatico

Apple tweaks its App Store algorithm as antitrust investigations loom

That Apple has used its App Store to offer itself a competitive advantage is nothing new. TechCrunch and others have been reporting on this problem for years, including those times when Apple chose to display its apps in the No. 1 position on the Top Charts, for example, or when it stole some of the App Store’s best ideas for its own, banned apps that competed with iOS features or positioned its apps higher than competitors in search. Now, in the wake of antitrust investigations in the U.S. and abroad, as well as various anti-competitive lawsuits, Apple has adjusted the App Store’s algorithm so fewer of its own apps would appear at the top of the search results.

The change was reported by The New York Times on Monday, which presented Apple with a lengthy analysis of app rankings.

It even found that some searches for various terms would display as many as 14 Apple-owned apps before showing any results from rivals. Competitors could only rank higher if they paid for an App Store search ad, the report noted.

That’s a bad look for Apple, which has recently been trying to distance itself and its App Store from any anti-competitive accusations.

In May, for example, Apple launched a new App Store website designed to demonstrate how it welcomes competition from third-party apps. The site showed that for every Apple built-in app, there were competitors available throughout the App Store.

But availability in the store and discoverability by consumers are two different things.

Apple admitted to the NYT that for over a year many common searches on the App Store would return Apple’s own apps, even when the Apple apps were less popular or relevant at times. The company explained the algorithm wasn’t manipulated to do so. For the most part, Apple said its own apps ranked higher because they’re more popular and because they come up in search results for many common terms. The company additionally said that one feature of the app’s algorithm would sometimes group apps by their maker, which gave Apple’s own apps better rankings than expected.

Screen Shot 2019 09 09 at 11.29.20 AM

Above: via the NYT, the average number of Apple apps that returned at the top of the search results by month

Apple said it adjusted the algorithm in July to make it seem like Apple’s own apps weren’t receiving special treatment. According to the NYT, both Apple VP Philip Schiller, who oversees the App Store, and SVP Eddy Cue, who oversees many of Apple’s apps, confirmed that these changes have not fully fixed the problem.

The issue, as Apple explains it, is that its own apps are so popular that it had to tweak its algorithm to pretend they are not. Whether or not this is true can’t be independently verified, however, as Apple doesn’t allow any visibility into metrics like searches, downloads or active users.

Maybe it’s time for Apple’s apps to exit the App Store?

The report, along with the supposed ineffectiveness of the algorithm’s changes, begs the question as to whether Apple’s apps should show up in the App Store’s charts and search results at all, and if so, how.

To be fair, this is a question that’s not limited to Apple. Google today is facing the same problem. Recently, the CEO of a popular software program, Basecamp, called Google’s paid search ads a “shakedown,” arguing that the only way his otherwise No. 1 search result can rank at the top of the search results page is to buy an ad. Meanwhile, his competitors can do so — even using his brand name as the keyword to bid against.

The same holds true for the App Store, but on a smaller scale than the entirety of the web. That also makes Apple’s problem easier to solve.

For example, Apple could simply choose to offer a dedicated section for its own software downloads, and leave the App Store as the home for third-party software alone.

This sort of change could help to eliminate concerns over Apple’s anti-competitive behavior in the search results and chart rankings. Apple might balk against this solution, saying that users should have an easy way to locate and download its own apps, and the App Store is the place to do that. But the actual marketplace itself could be left to the third-party software while the larger App Store app — which today includes a variety of app-related content, including app reviews, interviews with developers, app tips and a subscription gaming service, Apple Arcade — could still be used to showcase Apple-produced software.

It could just do so outside the actual marketplace.

Here’s how this could work. If users wanted to re-install an Apple app they had deleted or download one that didn’t come pre-installed on their device, they could be directed to a special Apple software download page. Pointers to this page could be in the App Store app itself as well as in the iOS Settings.

An ideal spot for this section could even be on the existing Search page of the App Store.

With a redesign, Apple could offer a modified search screen where users could optionally check a box to return a list of apps results that would come only from Apple. This would indicate intentional behavior on the consumer’s part. That is, they are directly seeking an Apple software download — as opposed to the current situation where a user searches for “Music” and sees Apple’s own music app appear above all the others from rivals like Spotify and Pandora.

Alternately, Apple could just list its own apps on this page or offer a link to this dedicated page from the search screen.

And these are just a few variations on a single idea. There are plenty of other ways the App Store could be adjusted to be less anti-competitive, too.

As another example, Apple could also include the “You Might Also Like” section in its own apps’ App Store listings, as it does for all third-party apps.

Image from iOS 1Above: Apple Music’s App Store Listing

This section directs users to other apps that match the same search query right within the app’s detail page. Apple’s own apps, however, only include a “More by Apple” section. That means it’s keeping all the search traffic and consumer interest for itself.

Image from iOS

Above: Spotify’s App Store Listing

Or it could reduce the screen space dedicated to its own apps in the search results — even if they rank higher — in order to give more attention to apps from competitors while still being able to cater to users who were truly in search of Apple’s software.

But ultimately, how Apple will have to behave with regard to its App Store may be left to the regulators to decide, given Apple’s failure to bake this sort of anti-competitive thinking into its App Store design.

Powered by WPeMatico

Apple brings contactless student IDs to a dozen more universities

Ahead of the upcoming school year, Apple this morning announced it’s bringing contactless student IDs in Apple Wallet to several more U.S. universities. The expansion will allow more than 100,000 additional college students to carry their student ID on their iPhone or Apple Watch, where it can be used for a variety of tasks, including paying for their meals and snacks and entry into buildings, like the student’s dorm and other campus facilities.

The expanded list of universities includes: Clemson University, Georgetown University, University of Tennessee, University of Kentucky, University of San Francisco, University of Vermont, Arkansas State University, South Dakota State University, Norfolk State University, Louisburg College, University of North Alabama and Chowan University.

These join the previously supported schools: Duke University, University of Oklahoma, University of Alabama, Temple University, Johns Hopkins University, Marshall University and Mercer University.

Apple brings student IDs to iPhone and Apple Watch student ID on apple watch 081319

Apple first announced its plans for contactless student IDs at WWDC 2018, then rolled out to its debut schools last October.

The contactless IDs not only serve as a means of student identification, but also work as a payment mechanism for on-campus transactions — like meals at the cafeteria or textbooks and supplies at the college’s bookstore, for example. Contactless entry into buildings is also now common on college campuses, and these digital IDs can work to open doors, too, as an alternative to swiping an entry card.

Apple brings student IDs to iPhone and Apple Watch university of san francisco student ID screen 081319

Support for college student IDs is only one way that Apple is trying to replace the physical wallet. The company also supports the ability to add your debit and credit cards, transit and loyalty cards, tickets and even paper money through Apple Pay Cash. And now it’s launching its own credit card, too, which rewards you with cashback for shopping Apple and using Apple Pay.

“We’re happy to add to the growing number of schools that are making getting around campus easier than ever with iPhone and Apple Watch,” said Jennifer Bailey, Apple’s vice president of Internet Services, in a statement about the expansion. “We know students love this feature. Our university partners tell us that since launch, students across the country have purchased 1.25 million meals and opened more than 4 million doors across campuses by just tapping their iPhone and Apple Watch.”

Related to this launch, Apple says it’s also adding support for CBORD, Allegion and HID — solution providers for campus credentials and mobile access. With these technologies on board, Apple will be able to reach other schools integrated with these systems in the future.

Powered by WPeMatico

Apple disables Walkie Talkie app due to vulnerability that could allow iPhone eavesdropping

Apple has disabled the Apple Watch Walkie Talkie app due to an unspecified vulnerability that could allow a person to listen to another customer’s iPhone without consent, the company told TechCrunch this evening.

Apple has apologized for the bug and for the inconvenience of being unable to use the feature while a fix is made.

The Walkie Talkie app on Apple Watch allows two users who have accepted an invite from each other to receive audio chats via a “push to talk” interface reminiscent of the PTT buttons on older cell phones.

A statement from Apple reads:

We were just made aware of a vulnerability related to the Walkie-Talkie app on the Apple Watch and have disabled the function as we quickly fix the issue. We apologize to our customers for the inconvenience and will restore the functionality as soon as possible. Although we are not aware of any use of the vulnerability against a customer and specific conditions and sequences of events are required to exploit it, we take the security and privacy of our customers extremely seriously. We concluded that disabling the app was the right course of action as this bug could allow someone to listen through another customer’s iPhone without consent.  We apologize again for this issue and the inconvenience.

Apple was alerted to the bug via its report a vulnerability portal directly and says there is no current evidence that it was exploited in the wild.

The company is temporarily disabling the feature entirely until a fix can be made and rolled out to devices. The Walkie Talkie App will remain installed on devices, but will not function until it has been updated with the fix.

Earlier this year a bug was discovered in the group calling feature of FaceTime that allowed people to listen in before a call was accepted. It turned out that the teen who discovered the bug, Grant Thompson, had attempted to contact Apple about the issue but was unable to get a response. Apple fixed the bug and eventually rewarded Thompson a bug bounty. This time around, Apple appears to be listening more closely to the reports that come in via its vulnerability tips line and has disabled the feature.

Earlier today, Apple quietly pushed a Mac update to remove a feature of the Zoom conference app that allowed it to work around Mac restrictions to provide a smoother call initiation experience — but that also allowed emails and websites to add a user to an active video call without their permission.

Powered by WPeMatico

Google finance head joins Postmates board ahead of anticipated IPO

Google’s vice president of finance, has joined Postmates’ board of directors, the latest sign that the on-demand food delivery startup is prepping to take the company public.

Postmates announced Friday that Kristin Reinke, vice president of Finance at Google, will join the San Francisco startup as an independent director.

Reinke has been with Google since 2005. Prior to Google, Reinke was at Oracle for eight years. Reinke also serves on the Federal Reserve Bank of San Francisco’s Economic Advisory Council.

Her skill set will come in handy as Postmates creeps towards an IPO.

Earlier this year, the company lined up a $100 million pre-IPO financing that valued the business at $1.85 billion. Postmates is backed by Tiger Global, BlackRock, Spark Capital, Uncork Capital, Founders Fund, Slow Ventures and others. Spark Capital’s Nabeel Hyatt tweeted the news earlier Friday.

Happy to welcome Kristin to the board of @Postmates. 🚀 Great times ahead. https://t.co/nEqu3A2YkE

— Nabeel Hyatt (@nabeel) June 28, 2019

“Postmates has established itself as the market leader with a focus on innovation and route efficiency in the fast‐growing on‐demand delivery sector. Given their strong execution, accelerating growth, and financial discipline, they are well positioned for continued market growth across the U.S.,” said Reinke. “I’m thrilled to join the board.”

The startup has been beefing up its executive quiver, most recently hiring Apple veteran and author Ken Kocienda as a principal software engineer at Postmates X, the team building the food delivery company’s semi-autonomous sidewalk rover, Serve.

Kocienda, author of “Creative Selection: Inside Apple’s  Design Process During the Golden Age of Steve Jobs,” spent 15 years at Apple focused on human interface design, collaborating with engineers to develop the first iPhone, iPad and Apple Watch.

Powered by WPeMatico

Apple may combine ‘Find My iPhone’ & ‘Find My Friends’ apps, launch a Tile-like tracking device

Apple is working to combine its tracking apps “Find My iPhone” and “Find My Friends” into one unified app available on both iOS and Mac, according to a new report from the Apple news site 9to5Mac. In addition, the report says, Apple is developing a hardware product that can be attached to other items that Apple customers want to track — similar to what the Bluetooth tracker Tile offers today.

The idea is the new, unified app would then serve as a way to track anything — Apple devices, other important items like a handbag or backpack, as well as the location of family members and trusted friends. And all of this information would be securely synced to iCloud.

Meanwhile, the new hardware — codenamed “B389,” the report says — would represent a threat to Tile and other Bluetooth trackers on the market, as Apple would be able to capitalize on its massive install base of iPhones and other Apple devices to develop its own crowdsourced tracking-and-finding network.

The new hardware tag will be paired to a user’s iCloud account and users will be able to receive notifications when a device, like their iPhone, gets too far away from the tag. Users will also be able to configure locations to be ignored, and can opt to share a tag’s location with friends or family.

And like Tile, when the item with the tag attached goes missing, users could then put the tag into a “Lost” mode that would alert the owner when it’s found. The “finding” takes place by way of a crowdsourced network that includes every other Apple device owner who’s opted in to use this same tracking service, it would seem.

A large crowdsourced network is today one of Tile’s key advantages.

To date, the company has sold 24 million Tiles, which now connect to 4 million items daily with a 90 percent success rate, thanks to its own community-find feature. A competitive product from Apple could eat away at Tile’s business, while also serving as a new source of device revenue for Apple — and perhaps subscription revenues, too, for access to the crowd-finding network.

The reported merger of Apple’s two tracking applications comes at a time when Apple is rethinking how it wants to position its apps. Another recent report from 9to5Mac had confirmed Apple’s plans to break up iTunes, and instead bring new Music, podcasts and TV apps to Mac users. Apple will revamp its Books app as part of these changes, too, the report said.

It’s worth noting that there’s a big leak at Apple right now, and 9to5Mac is benefiting.

In addition to the news about the unified apps, Tile-like tracker and the breakup of iTunes, the site also leaked a big preview of iOS 13, which is said to include a system-wide dark mode, new gestures, visual changes and more. And just yesterday, the site reported that Apple is working on a feature that will allow users to pair a Mac with an iPad to use as a secondary display — something offered today by companies like Luna Display or Duet Display.

As for the new, unified “Find My…” app and hardware tag, no timeline to a public release is yet known.

Powered by WPeMatico

U.S. federal court jury finds Apple infringed three Qualcomm patents

Mobile chipmaker Qualcomm has chalked up another small legal victory against Apple in another patent litigation suit.

A jury in a U.S. federal court in San Diego found Friday that Apple owes Qualcomm about $31M for infringing three patents, per Reuters.

As we reported earlier the San Diego patent suit relates to the power consumption and speed of boot-up times for iPhones sold between mid-2017 and late-2018.

Qualcomm had asked to be awarded up to $1.41 in unpaid patent royalties damages per infringing iPhone sold during the period.

The chipmaker has filed a number of patent suits against the iPhone maker in the U.S., Europe and Asia in recent years. The suits are skirmishes in a bigger battle between the pair over licensing terms that Apple alleges are unfair and illegal.

In a statement on on the San Diego trial outcome Qualcomm executive vice president and general counsel, Don Rosenberg, said:

Today’s unanimous jury verdict is the latest victory in our worldwide patent litigation directed at holding Apple accountable for using our valuable technologies without paying for them. The technologies invented by Qualcomm and others are what made it possible for Apple to enter the market and become so successful so quickly. The three patents found to be infringed in this case represent just a small fraction of Qualcomm’s valuable portfolio of tens of thousands of patents. We are gratified that courts all over the world are rejecting Apple’s strategy of refusing to pay for the use of our IP.

The iPhone models involved in the patent suit are iPhone 7, 7 Plus, 8, 8 Plus and X, which were found to infringe two Qualcomm patents, U.S. Patent No. 8,838,949 (“flashless booting”), and U.S. Patent No. 9,535,490 (data management between the applications processor and the modem); and the iPhone 8, 8 Plus and X which were found to infringe Qualcomm’s U.S. Patent No. 8,633,936 (high performance rich visual graphics with power management).

The patents are not contained in modems and are not standards-essential to cellular devices, Qualcomm said.

Reuters suggests the jury’s damages award could have wider significance if it ends up being factored into the looming billion dollar royalties suit between Apple and Qualcomm — by putting a dollar value on some of the latter’s IP, the San Diego trial potentially bolsters its contention that its chip licensing practices are fair, it said.

At the time of writing it’s not clear whether Apple intends to appeal the outcome of the trial. Reuters reports the iPhone maker declined to comment on that point, after expressing general disappointment with the outcome.

We’ve reached out to Apple for comment.

In a statement provided to the news agency Apple said: “Qualcomm’s ongoing campaign of patent infringement claims is nothing more than an attempt to distract from the larger issues they face with investigations into their business practices in U.S. federal court, and around the world.”

Cupertino filed its billion dollar royalties suit against Qualcomm two years ago.

It has reason to be bullish going into the trial, given a preliminary ruling Thursday — in which a U.S. federal court judge found Qualcomm owes Apple nearly $1BN in patent royalty rebate payments (via CNBC). The trial itself kicks off next month.

The U.S. Federal Trade Commission also filed antitrust charges against Qualcomm in 2017 — accusing the chipmaker of operating a monopoly and forcing exclusivity from Apple while charging “excessive” licensing fees for standards-essential patents.

That trial wrapped up in January and is pending a verdict from Judge Lucy Koh.

At the same time, Qualcomm has also been pursuing several international patent suits against Apple — also with some success.

In December Apple filed an appeal in China to overturn a preliminary ruling that could have blocked iPhone sales in the market.

While in Germany it did pull older iPhone models from sale in its own stores in January. But by February it was selling the two models again — albeit with Qualcomm chips, rather than Intel, inside.

This report was updated with comment from Qualcomm

Powered by WPeMatico

Siri gets new airline, food order and dictionary Shortcuts, with more on the way

Announced at last year’s WWDC, Apple’s been firing up Siri Shortcuts at a fairly steady clip. The company says there are now “thousands” of apps integrating the iOS 12 feature, which bring all sorts of third-party functionality to the smart assistant.

There are five new Shortcuts available starting today. Most notable (depending on where you get your airline miles, I suppose) is probably the one from American Airlines. Saying, “Hey Siri, flight update” will provide you with information on your upcoming travel plans. The response uses location information to determine what to share, including flight status, travel time and the gate from which it will depart.

Caviar has a new Shortcut as well. It lets users check on food status or reorder frequent items, like, say, “order my usual pizza,” for those of us who are perfectly fine with the food related ruts we’ve dug ourselves into. Merriam-Webster, meanwhile, is adding a “word of the day” Shortcut, while Dexcom is bringing glucose monitoring to the smart assistant.

In the next couple of months, Apple will add Shortcuts from Airbnb, Drop, ReSound and coffee-maker Smarter. Those all join recent additions from Waze and Nike Run Club. Apple clearly sees the features as a way to build out Siri’s functionality following increased competition from the likes of Google and Amazon.

The addition of these sorts of features can make for a much richer voice ecosystem, all while leaving third-party developers to do a lot of the heavy lifting.

Powered by WPeMatico

Apple is selling the iPhone 7 and iPhone 8 in Germany again

Two older iPhone models are back on sale in Apple stores in Germany — but only with Qualcomm chips inside.

The iPhone maker was forced to pull the iPhone 7 and iPhone 8 models from shelves in its online shop and physical stores in the country last month, after chipmaker Qualcomm posted security bonds to enforce a December court injunction it secured via patent litigation.

Apple told Reuters it had “no choice” but to stop using some Intel chips for handsets to be sold in Germany. “Qualcomm is attempting to use injunctions against our products to try to get Apple to succumb to their extortionist demands,” it said in a statement provided to the news agency.

Apple and Qualcomm have been embroiled in an increasingly bitter global legal battle around patents and licensing terms for several years.

The litigation follows Cupertino’s move away from using only Qualcomm’s chips in iPhones after, in 2016, Apple began sourcing modem chips from rival Intel — dropping Qualcomm chips entirely for last year’s iPhone models. Though still using some Qualcomm chips for older iPhone models, as it will now for iPhone 7 and iPhone 8 units headed to Germany.

For these handsets Apple is swapping out Intel modems that contain chips from Qorvo which are subject to the local patent litigation injunction. (The litigation relates to a patented smartphone power management technology.) 

Hence Apple’s Germany webstore is once again listing the two older iPhone models for sale…

Newer iPhones containing Intel chips remain on sale in Germany because they do not containing the same components subject to the patent injunction.

“Intel’s modem products are not involved in this lawsuit and are not subject to this or any other injunction,” Intel’s general counsel, Steven Rodgers, said in a statement to Reuters.

While Apple’s decision to restock its shelves with Qualcomm-only iPhone 7s and 8s represents a momentary victory for Qualcomm, a separate German court tossed another of its patent suits against Apple last month — dismissing it as groundless. (Qualcomm said it would appeal.)

The chipmaker has also been pursing patent litigation against Apple in China, and in December Apple appealed a preliminary injunction banning the import and sales of old iPhone models in the country.

At the same time, Qualcomm and Apple are both waiting the result of an antitrust trial brought against Qualcomm’s licensing terms in the U.S.

Two years ago the FTC filed charges against Qualcomm, accusing the chipmaker of operating a monopoly and forcing exclusivity from Apple while charging “excessive” licensing fees for standards-essential patents.

The case was heard last month and is pending a verdict or settlement.

Powered by WPeMatico

Many popular iPhone apps secretly record your screen without asking

Many major companies, like Air Canada, Hollister and Expedia, are recording every tap and swipe you make on their iPhone apps. In most cases you won’t even realize it. And they don’t need to ask for permission.

You can assume that most apps are collecting data on you. Some even monetize your data without your knowledge. But TechCrunch has found several popular iPhone apps, from hoteliers, travel sites, airlines, cell phone carriers, banks and financiers, that don’t ask or make it clear — if at all — that they know exactly how you’re using their apps.

Worse, even though these apps are meant to mask certain fields, some inadvertently expose sensitive data.

Apps like Abercrombie & Fitch, Hotels.com and Singapore Airlines also use Glassbox, a customer experience analytics firm, one of a handful of companies that allows developers to embed “session replay” technology into their apps. These session replays let app developers record the screen and play them back to see how its users interacted with the app to figure out if something didn’t work or if there was an error. Every tap, button push and keyboard entry is recorded — effectively screenshotted — and sent back to the app developers.

Or, as Glassbox said in a recent tweet: “Imagine if your website or mobile app could see exactly what your customers do in real time, and why they did it?”

The App Analyst, a mobile expert who writes about his analyses of popular apps on his eponymous blog, recently found Air Canada’s iPhone app wasn’t properly masking the session replays when they were sent, exposing passport numbers and credit card data in each replay session. Just weeks earlier, Air Canada said its app had a data breach, exposing 20,000 profiles.

“This gives Air Canada employees — and anyone else capable of accessing the screenshot database — to see unencrypted credit card and password information,” he told TechCrunch.

In the case of Air Canada’s app, although the fields are masked, the masking didn’t always stick (Image: The App Analyst/supplied)

We asked The App Analyst to look at a sample of apps that Glassbox had listed on its website as customers. Using Charles Proxy, a man-in-the-middle tool used to intercept the data sent from the app, the researcher could examine what data was going out of the device.

Not every app was leaking masked data; none of the apps we examined said they were recording a user’s screen — let alone sending them back to each company or directly to Glassbox’s cloud.

That could be a problem if any one of Glassbox’s customers aren’t properly masking data, he said in an email. “Since this data is often sent back to Glassbox servers I wouldn’t be shocked if they have already had instances of them capturing sensitive banking information and passwords,” he said.

The App Analyst said that while Hollister and Abercrombie & Fitch sent their session replays to Glassbox, others like Expedia and Hotels.com opted to capture and send session replay data back to a server on their own domain. He said that the data was “mostly obfuscated,” but did see in some cases email addresses and postal codes. The researcher said Singapore Airlines also collected session replay data but sent it back to Glassbox’s cloud.

Without analyzing the data for each app, it’s impossible to know if an app is recording a user’s screens of how you’re using the app. We didn’t even find it in the small print of their privacy policies.

Apps that are submitted to Apple’s App Store must have a privacy policy, but none of the apps we reviewed make it clear in their policies that they record a user’s screen. Glassbox doesn’t require any special permission from Apple or from the user, so there’s no way a user would know.

Expedia’s policy makes no mention of recording your screen, nor does Hotels.com’s policy. And in Air Canada’s case, we couldn’t spot a single line in its iOS terms and conditions or privacy policy that suggests the iPhone app sends screen data back to the airline. And in Singapore Airlines’ privacy policy, there’s no mention, either.

We asked all of the companies to point us to exactly where in its privacy policies it permits each app to capture what a user does on their phone.

Only Abercombie responded, confirming that Glassbox “helps support a seamless shopping experience, enabling us to identify and address any issues customers might encounter in their digital experience.” The spokesperson pointing to Abercrombie’s privacy policy makes no mention of session replays, neither does its sister-brand Hollister’s policy.

“I think users should take an active role in how they share their data, and the first step to this is having companies be forthright in sharing how they collect their users data and who they share it with,” said The App Analyst.

When asked, Glassbox said it doesn’t enforce its customers to mention its usage in their privacy policy.

“Glassbox has a unique capability to reconstruct the mobile application view in a visual format, which is another view of analytics, Glassbox SDK can interact with our customers native app only and technically cannot break the boundary of the app,” the spokesperson said, such as when the system keyboard covers part of the native app, “Glassbox does not have access to it,” the spokesperson said.

Glassbox is one of many session replay services on the market. Appsee actively markets its “user recording” technology that lets developers “see your app through your user’s eyes,” while UXCam says it lets developers “watch recordings of your users’ sessions, including all their gestures and triggered events.” Most went under the radar until Mixpanel sparked anger for mistakenly harvesting passwords after masking safeguards failed.

It’s not an industry that’s likely to go away any time soon — companies rely on this kind of session replay data to understand why things break, which can be costly in high-revenue situations.

But for the fact that the app developers don’t publicize it just goes to show how creepy even they know it is.


Got a tip? You can send tips securely over Signal and WhatsApp to +1 646-755–8849. You can also send PGP email with the fingerprint: 4D0E 92F2 E36A EC51 DAAE 5D97 CB8C 15FA EB6C EEA5.

Powered by WPeMatico