Apple has rolled out the iOS 12.1.4 update to iPhone users today (spotted by Engadget), fixing the bug with Group FaceTime that allowed users to eavesdrop on the audio of the receiver before they picked up. The firm had previously disabled the feature on devices running iOS 12.1.3 and earlier to avoid further privacy concerns until it could get this week’s update out of the oven.
In the meantime, TechCrunch reports that Apple’s App Store might be on the verge of another privacy scandal. While apps from the store are often secure and scanned by Apple’s moderators to enable a quality experience, some potential privacy violations still sneak under the radar. Take session replay, a technology used by developers in major companies like Hotels.com and Abercrombie and Fitch. This allows an app to record a session (i.e., what a user does while an app is running) and send the screen recording back to the developers for analysis.
In some cases, as with Air Canada, data like passport numbers and credit card information were clearly visible in the session replay recordings, meaning that anyone with access to the database could suddenly gain access to the credit card and passport data of unwitting customers.
Companies which use this technology defend their practices by noting that they can only record the in-app screens, and that their privacy policies cover them, even when they don’t. The best solution here appears to be twofold: increased transparency, making it clear to users that their sessions may be recorded, and improved masking technology, so valuable user data isn’t exposed. At least with that, users just may find it a little less creepy.
Update: Apple has now issued a statement demanding that companies disclose that they record user sessions, or it will “take immediate action if necessary”, saying:
“Protecting user privacy is paramount in the Apple ecosystem. Our App Store Review Guidelines require that apps request explicit user consent and provide a clear visual indication when recording, logging, or otherwise making a record of user activity.”
“We have notified the developers that are in violation of these strict privacy terms and guidelines, and will take immediate action if necessary,” the spokesperson added.