Independent analysts have found widespread abuse of a functional tool for the iOS platform. This is Glassbox's "session replay" technology. It is quite legal and is widely used by many companies to study the effectiveness of their applications.
Like so many controversial things in this world, Glassbox's service was conceived as a good measure. This is a kind of spyware that collects information about the actions of the user during a session with a specific application. For example, in the case of using a flight booking service, developers can see how many and which buttons the user has pressed, how much data he has entered, and can estimate his time spent and the overall impression of the interface. All this helps to improve the performance of branded applications, and therefore the technology is in demand.
However, the official app descriptions do not mention the use of this technology. And the data that Glassbox collects and analyzes is transferred to third-party servers for processing. And then, as analysts found out, chaos begins - each developer evaluates the concern for the security of this information in his own way. Somewhere it is encrypted, somewhere it is stored on closed servers, but in many cases, information from the smartphone screen is simply sent to the cloud in the clear.
Glassbox's position is that they provide their customers with a tool to improve application performance, but they are not responsible for using it. It was not possible to get any comments from the companies themselves, whose applications were found to be spying on users. And this is just a drop in the ocean - in addition to Glassbox, there are hundreds of services for processing confidential information without the knowledge of the user, ostensibly for his own good. But how and for what purposes they are actually used is an open question.