Many companies have been reported to "digitally stalk" users, without their permission, collecting data and in some cases monetizing it.
The corporations in question include Air Canada, Hollister and Expedia, as well as Abercrombie & Fitch, Hotels.com and Singapore Airlines. The latter employ Glassbox — a platform is designed to capture, record, analyze, and replay digital sessions with customers — via their apps.
The analytics firm allows for a "session replay" technology in apps, which allows developers to see how users interact with the application.
The iPhone app of Air Canada, analysed by mobile expert the App Analyst, has been reported to expose personal date during "session replays," including passport numbers and credit card information of users.
"While there may be value in documenting user activity through screenshots, there is also a large amount of risk that the screenshots may capture sensitive data. Air Canada has attempted to mitigate this risk by configuring black boxes to cover sensitive fields. However this attempt has failed, potentially condemning a user's sensitive data to residing in various screenshots stored by Air Canada," said the App Analyst.
Among other companies, sending their "session replays" to Glassbox were Hollister and Abercrombie & Fitch, while Expedia and Hotels.com chose to send them to their own domain server.
In response to the findings, Abercrombie confirmed that Glassbox "helps support a seamless shopping experience, enabling us to identify and address any issues customers might encounter in their digital experience."
Air Canada, in turn, said that it "uses customer provided information to ensure we can support their travel needs and to ensure we can resolve any issues that may affect their trips."