A bunch of apps from some major players — including Expedia, Hollister, Air Canada, Abercrombie & Fitch, Hotels.com and Singapore Airlines — recently came to grief because of a security/privacy hole in a third-party analytics app they all used, according to a report from TechCrunch. The incident exposed extremely sensitive customer information including payment card and password data shared in clear text. That sort of thing shouldn’t be happening — and yet everyone seems focused on the wrong lesson.

The analytics app, called Glassbox, captures all information from a user’s interaction with the app, including keystrokes entered and spots on the touchscreen the user touched or clicked. It also may include some screen captures. In every case, the apps give insufficient privacy disclosures to app users, or none at all. And, as already mentioned, it shares sensitive data in clear text.

Of these two issues, which do you think Apple jumped on? If you said, “Recklessly sharing passwords and payment card data,” you haven’t been paying attention.

“Protecting user privacy is paramount in the Apple ecosystem,” Apple said in a statement. “Our App Store Review Guidelines require that apps request explicit user consent and provide a clear visual indication when recording, logging, or otherwise making a record of user activity. We have notified the developers that are in violation of these strict privacy terms and guidelines, and will take immediate action if necessary.”

And in a letter that Apple sent to developers — intercepted by TechCrunch — Apple wrote, “Your app uses analytics software to collect and send user or device data to a third party without the user’s consent. Apps must request explicit user consent and provide a clear visual indication when recording, logging, or otherwise making a record of user activity.” Apple gave the developer less than a day to remove the code and resubmit the app, and if it didn’t meet that deadline, the app would be removed from the App Store, the email said, according to the TechCrunch story.

What about the clear-text massive security hole? Isn’t Apple just a wee bit concerned about that?



Source link

https://www.buyspyequipment.com/product/car-tracker-gps-tracking-pet-auto-real-time-monitor-mini-gps-wallet-track-micro-device-global-tool-voice-recording-tools/

LEAVE A REPLY

Please enter your comment!
Please enter your name here