Glassbox

Glassbox is an Israeli software company.[1][4][5][6] It sells session-replay analytics software and services.[7][2][8]

This article is about the analytics company. For the game engine GlassBox, see SimCity (2013 video game).
Glassbox Ltd.[1]
TypePrivate
IndustrySoftware[1]
Founded2010[2]
FoundersYoav Schreiber, Yaron Gueta, Hanan Blumstein[2]
HeadquartersPetah Tikva, Israel[1][3]
Websiteglassboxdigital.com[1]

History

As of October 2018, Glassbox had raised US$32.5 million of capital funding.[2] In exchange for investing in Glassbox, Washington, DC, equity firm Updata Partners was given two Glassbox board seats.[2]

In April 2020, Glassbox raised US$40 million in series C funding.[5]

In October 2020, Glassbox acquired its rival SessionsCam.[4]

Privacy concerns

The Glassbox SDK can collect almost all data an app user enters into a screen, like passwords and credit card info, as well as mouse movements, clicks, scrolling, swiping, tapping, and more. Generally, the session replays of these activities are sent to the server of the analytics vendor or saved on the app developer’s server. When the data is not concealed properly, anyone who can access the screenshot database can see the information. This incident is just another salient example of the risk posed to mobile users by apps believed to be secured but which, in fact, are vulnerable to data exposures.

Elaheh Samani, App Analytics SDKs Could Expose Sensitive Data, Broadcom Symantec, February 2019[9]

From at least as early as October 2018, Glassbox promoted its software as allowing its customers' websites or mobile apps to "see exactly what your customers do in real time".[10][2][8][5][6] This prompted some Twitter users to express privacy concerns about Glassbox's software.[11][10]

In February 2019, TechCrunch reported that numerous popular applications in Apple's iOS App Store used Glassbox software to record users' activities without the users' informed consent, which compromised users' privacy and contravened the rules of the iOS App Store.[7][12][13][14] The affected apps included ones published by Abercrombie & Fitch, Air Canada, Expedia, Hollister, Hotels.com, and Singapore Airlines.[15]

In response, Apple told app developers that if they continued to flout the rules of the iOS App Store, their apps would be removed from it.[16][17][18] However, it was not clear whether Apple's request was heeded.[19]

Following TechCrunch's investigation, security researchers from Symantec's enterprise mobile threat division found 277 iOS apps and 291 Android apps that employed Glassbox software, including a number of banking and credit card apps, "putting a user's financial information at risk of exposure".[9] Google, whose Play Store is the Android counterpart of the iOS App Store, did not comment on whether it would expect Android app developers to remove session-replay functionality.[20][21]

Anti-malware company Avast observed that using session-replay analytics "without even mentioning it is not right, and probably illegal in some countries."[22] Computer science professor Thomas Keenan, author of the book Technocreep, suggested that people who do not want a company to record their data like this should delete the app concerned.[23] IT Pro reported that Glassbox retains session, demographic, and location data for up to 24 months, categorizing it by age, gender, and interests, and may combine it with other information obtained from other companies.[24]

References
  1. "Glassbox Ltd - Company Profile and News". Bloomberg.com.
  2. Vilar, Henry. "Customer experience tech Glassbox achieves $25m funding". Fintech Futures. Retrieved 14 January 2020. Glassbox says it architected its technology platform to capture all [user] activity in real time...
  3. "The dark side of Israeli innovation". Haaretz.com.
  4. Orbach, Meir (October 15, 2020). "Israel's Glassbox acquires rival SessionsCam in custom analytics merger". CTECH - www.calcalistech.com.
  5. Musgrove, Annie (2020-04-07). "Israeli analytics company Glassbox raises $40 million to reveal digital customer journeys to enterprise". Tech.eu. Israeli analytics platform Glassbox has raised a $40 million Series C round... Enterprise customers use the platform to analyse user behavior on websites and mobile apps. Glassbox provides a complete playback of every single customer journey, supplemented with data captured from servers.
  6. "FinovateEurope 2020 – Glassbox". Finovate.
  7. Whittaker, Zack (2019-02-06). "Many popular iPhone apps secretly record your screen without asking". TechCrunch. Archived from the original on 2019-02-06. Retrieved 2019-02-08.
  8. Dormehl, Luke (February 7, 2019). "Some popular iOS apps recorded users' screens for analytics".
  9. "App Analytics SDKs Could Expose Sensitive Data". symantec-enterprise-blogs.security.com.
  10. "Glassbox on Twitter: "Imagine if your website or mobile app could see…". Twitter. 2018-10-16. Archived from the original on 2019-02-05. Retrieved 2020-12-10. Imagine if your website or mobile app could see exactly what your customers do in real time... This is Glassbox.
  11. Vaas, Lisa (2019-02-08). "iPhone apps record your screen sessions without asking". Naked Security. Sophos. The answer from one Twitterer: “unacceptable surveillance.” From another: “A perfect nightmare for humanity.”
  12. Schroeder, Stan. "A bunch of popular iPhone apps silently record your screen, report claims". Mashable. Archived from the original on 2020-11-07. Retrieved 2019-02-08.
  13. Lawler, Richard (2019-02-07). "Did you know these iPhone apps record your screen while you use them?". Engadget. Archived from the original on 2019-02-08. Retrieved 2019-02-08.
  14. Campbell, Mikey. "Popular iOS apps use Glassbox SDK to record user screens without permission". AppleInsider. Archived from the original on 2019-02-07. Retrieved 2019-02-08.
  15. Clover, Juli. "Some Popular iPhone Apps Secretly Record Your Screen for Analytics Purposes". MacRumors. Archived from the original on 2019-02-06. Retrieved 2019-02-08.
  16. Whittaker, Zack (2019-02-07). "Apple tells app developers to disclose or remove screen recording code". TechCrunch. Archived from the original on 2019-02-07. Retrieved 2019-02-08.
  17. Palladino, Valentina (February 8, 2019). "Apple to developers: disclose screen recording or get booted from App Store". Ars Technica. Archived from the original on 2019-02-08. Retrieved 2019-02-08.
  18. Griffin, Andrew (February 8, 2019). "Apple tells apps secretly recording what users do on iPhone to stop immediately". The Independent. Archived from the original on 2019-02-08. Retrieved 2019-02-08.
  19. Reisinger, Don (2019-02-08). "Apple Reportedly Threatens to Take Down Apps that Secretly Record Users' Activity". Fortune. Archived from the original on 2019-02-08. Retrieved 2019-02-08. It's unclear whether the affected apps, which include some of the more popular retail and travel brands in the App Store, have complied with Apple's request.
  20. Davis, Jessica (2019-02-11). "Apple Tells App Developers to Disclose or Remove Screen Recording Code". Security Today. Retrieved 2020-12-11. Glassbox can also be used by Android app developers, but Google has not commented on whether it would also ban the screen recording code.
  21. Henderson, Rik (2019-02-08). "Apple will remove screen recording apps if they don't own up". Pocket Lint. Retrieved 2020-12-11. The third-party analytics tool in question is provided by Glassbox and is also present in Android apps. Google is yet to comment, although its own rules are similar to Apple's: "Apps must not hide or cloak tracking behaviour or attempt to mislead users about such functionality," they contain.
  22. Avast Security News Team (2019-02-07). "iPhone apps record your taps". Archived from the original on 2020-10-26.
  23. "Air Canada app records your personal information — and you may have no clue". Global News.
  24. "Widely-used iOS apps recording screens without user permission". IT PRO.
This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.