Yesterday, a report detailed how certain apps used session replay frameworks to monitor user interactions. Now, Apple is cracking down on that practice, saying apps must remove such code or face being kicked out of the App Store.
According to TechCrunch, Apple is notifying developers that are using session replay frameworks that they must remove the code due to privacy concerns. In a statement, an Apple spokesperson said that protecting privacy is “paramount in the Apple ecosystem.”
In an email sent to affected developers, Apple says that apps must “request explicit user consent” before logging or recording any user activity:
“We have notified the developers that are in violation of these strict privacy terms and guidelines, and will take immediate action if necessary,” the spokesperson added.
Developers affected by this crackdown told TechCrunch that Apple is giving them “less than a day to remove the code and resubmit their app.” If the developers fail to adhere to this request, their app will be removed from the App Store.
An investigation from TechCrunch yesterday explored how prominent apps like Expedia and Hotels.com were using “customer experience analytics firms” to effectively record user screens. The goal of such frameworks is to see how a user interacts with apps and when they lose interest. In some cases, however, apps were not properly masking sensitive information, making things like credit card information and passwords viewable to all employees.
Notably, Apple’s statement today doesn’t explicitly ban these practices. Instead, it says that apps must request user consent and “provide a clear visual indication” of recording and logging.
