Websites also record your screen

February 9th, 2019 by Anthony R.

Yes apps might record your screen, or record how you interact, but did you know websites and apps on other platforms have been doing this for a lot longer.

Recent news about the fact that a bunch of iOS apps where found to be running Glassbox a SDK developers can use to do analytics (think of it like Google Analytics for apps). This included apps like Air Canada, Hollister and Expedia as reported by TechCrunch, but the article is extremely miss leading.

Note we are a little bias when it comes to platforms as we almost fully use Apple Devices here. We will try and keep all information not device related and just informational.

So what is Glassbox

Glassbox is a company that works with other companies to embed there system into apps. This allows them to log info (analytics) on users. They have a tagline on the website under Why Glassblock that kinda explains what they are "behind data, we see people".

They provide all kinds of analytics for companies like "Every tap, swipe and click is automatically indexed, and becomes immediately searchable." but the one that has everyone talking is "Your session recordings are tamper-proof, source-proof, time stamped, fully encrypted and stored on your side, and ours.".

This kind of tracking allows them and the customer to see how the users interact with the apps. Early on this is important and most apps do have private betas where they ask for info like this from users to see what needs to change, but most will stop this once the app is released to the public... Or do they?

What do you mean websites do the same?

First things first, we don't do stuff like this on NodeHost. In fact the only analytics we do is with a private installed Matomo instance, this only allows basic referral data, countries most visitors hit from, and other basic info. All data is anonymized. We don't even see IP's as the first 3 characters are only stored, for example 112.0.0.0.

Yes websites also use services like this to do heat map tracking of user interactions and clicks, and some also do videos. Services like Hotjar, Mouseflow, Inspectlet (they also do eye tracking heatmaps), and Smartlook. This is only a small hand full of services that you can find that do the same kind of tracking but for websites.

Not just iOS, all platforms

This kind of news makes it easy to target one platform like iOS and Apple, but the same apps that do this on iOS can also do this on Android and many more then likely do.

Users do deserve to know and get outraged

This kind of tracking is harmful to users, and is used to try and have data companies can share to get more funding in most cases (look how good we are doing). This kind of tracking is not needed at all and should not be used if you value users privacy.

Don't just bash the host, it's hard to see this stuff

We don't go visiting every site all the time to see what users are doing, this would take a lot of our time. But Apple does when apps update, but for smaller updates they tend to only open the app as a normal user to see if it actually works and is not just spam. This makes it hard to see if things like this are hidden in the background, and some services like this will not even run all the time so that it's harder to find. Before you ask no Android does not even do human testing, making it easer to sneak things past the few rules they have for apps.

The end result

Tracking sucks, and users should get the opportunity to turn off tracking. With this did you know we offer a quick link to opt out of all tracking, just visit https://nhost.ca/notrack to enable no tracking if you don't want us to see you in our basic analytics stats. You can read more about this in our Privacy Policy in human readable text. Long story short sites and apps have done this for over a decade and now that users are getting more aware of the privacy they should have, we will be seeing more articles like this in the news.