Using Glassbox’s session reply technology, app makers can see every tap and swipe you make. Keystrokes are also recorded and any text you write is captured as well, though text inputs are usually masked so as to hide sensitive information like credit card or passport numbers. However, TechCrunch found that not all apps that are using Glassbox’s tech are masking data fields properly, leaving sensitive information exposed in the screen recordings. And since all screen recordings go back to the app developer through Glassbox’s servers, anyone at the company with access to those servers could potentially see a user’s unmasked personal data.
Ban them, and it’s not just Glassbox. In fact, apps should have to disclose the analytics packages they use in the app description.