Major Hotels and Airlines Secretly Spy on Users Through Their Apps

Several popular airlines, hotel chains, and retailers are secretly spying on iPhone users through their apps by taking screenshots without their knowledge. This was revealed by TechCrunch journalists following their own investigation.

How the Spying Works

According to the report, companies use a technique known as session replaying to monitor user activity. They rely on third-party firms, such as the analytics company Glassbox, which offers special software that can be embedded into mobile apps. This software records everything users do on their smartphones and can even take screenshots without the user’s consent. These screenshots may include sensitive information, such as personal and banking details entered into forms.

Lack of Transparency and User Consent

TechCrunch found that none of the apps using Glassbox technology mention this type of data collection in their user agreements. Additionally, the apps do not request permission from users to engage in this activity.

Apps Involved in the Investigation

The investigation identified several apps using this technology, including:

• Air Canada
• Abercrombie & Fitch and its subsidiary Hollister
• Expedia
• Hotels.com
• Singapore Airlines

The investigation was based on a report by App Analyst specialists.

Security Risks for Users

While session replaying is a common technique, Air Canada’s app uses it in a way that puts its users at risk. The app does not properly mask session replay files when transmitting them from the user’s device to the company’s servers. This vulnerability could allow hackers to perform a “man-in-the-middle” attack and intercept the data.

It’s worth noting that in August of the previous year, 20,000 Air Canada users were victims of a data breach.