Recording video from your screen is not so secret. Burger King and Appsee Versions

    The user fennikami fired today with his post about the Burger King app , which supposedly records everything that is happening on the user's screen. Video evidence, however, he did not provide.

    Screenshot of analytics Appsee

    Editorial Habr contacted Burger King and Appsee to tell their version of events. Because a few views on a question are always better than one. Burger King responded with a voluminous press release and still issued an Appsee video recording from the screen. And Appsee limited himself to a short PDF, which he kind of says: guys, our business is small, we just love to analyze.

    What does burger king say

    (if interested, here ’s the full press release )
    1. The service itself does not record bank card data.
    2. Our acquiring (Yandeks.Kassa) does not transmit us the data of bank cards. So no one, including AppSee, can see such data, since they are programmatically encrypted and hidden in the video with black stripes.

    If you believe this video, the fields are not blurred, but covered with black dies.

    They say that data is collected from only 10% of 3 million users and not on the cellular network - only when the smartphone is connected to Wi-Fi. In order to surely exclude oneself from those 300k users whose actions are analyzed, the application has a button “Helpdesk”, and then a feedback form. There you need to explicitly ask you to turn off the Appsee sample.

    Wrote them. They promised to process the request "during working hours from 10 to 18, from Monday to Friday."

    It is stated that all data comes to the server without a username and personal data. Appsee complies with the rules of the GDPR, so follow this carefully.

    Burgering Appsee data is needed to improve the usability of the application.
    Even the data we receive (name, phone and email) we need only to charge our guests bonuses for the order.
    In this case, the user agreement says that the user sends:

    • name,
    • last name
    • date of birth
    • phone number,
    • email
    • device information.
    8.1. In accordance with the provision of the Federal Law of July 27, 2006 No. 152 FZ “On Personal Data”, the User freely, by his own will and in his interest, provides the Company with his personal data in the following composition: name, surname, date of birth, telephone number, email address, data on the user's mobile device model (manufacturer, model, operating system version, device identifier and other technical parameters and identifiers, including IMEI), and other information that the User can indicate in his address, ie belonging to special categories of personal data and biometric and other data generated within the processing of personal data processes of the company, including information about the preferences and orders of the User (the date, the composition of the order, etc. a list of accounts on the User’s device; location data of the User’s device; other technical data necessary to improve the functionality and performance of the Application. The user agrees (as well as by third parties to fulfill the Company's obligations) to perform the following actions with his personal data: collection (receipt), recording, systematization, storage, clarification, retrieval, use, transfer (provision, access), blocking, depersonalization, deletion and destruction of personal data, actions (operations) performed using automation equipment and provision of consulting services at the request of an individual, including storing information at the request of a subject, etc. the management of advertising, marketing and information companies for clients, the arrangement and delivery of an order to a client,

    The full text of the agreement on the Burger King website
    About the right to use user data is written in the same paragraph, by the way.

    What does Appsee say

    Appsee also released an official release in which it says that the company that uses their services should:

    • Explicitly convey to the end user that application usage data will be collected,
    • specify that all fields where the user's personal information appears will be hidden.

    PS I sent another official request to the developer of the Burger King app - e-legion. They blog on Habré and decided to answer right in it .

    Also popular now: