Fable about Burger King and user data. Developer Comments
Hello, Habr! We are the company e-Legion - developer of the mobile application Burger King. We write this post to appease everyone who worries about the data of their bank cards, and explain how and why data from the users' screens are collected.
Burger King - the owner of an application that AppSee has chosen for work.
e-Legion - developer of the application, which received from Burger King keys from the SDS AppSee and integrated it into the application.
Appsee - an analytical service that collects statistical data, transmits and stores them in a secure manner, but nevertheless is under suspicion.
fennikami - as he reported about himself: 18 years old, probably bearded, in his spare time picking different applications
Outraged users - 3 million people, indignant that the data of their bank cards can fall into the hands of intruders.
June 11 appeared on Pikabu, and on June 12 was duplicated on Habr post , in which the user is fennikami examines the traffic data of the mobile application Burger King and concludes that he is being watched: they record video from the screen when he enters the data of his bank card, and then transfer this information to third parties.
This information outraged the users of the application and stirred up the media. Dozens of publications with headlines about the theft of personal data and hundreds of letters to the address of Burger King with a request to comment written in the post.
ACT I. Where Appsee records the user's screen and sends the record to Burger King
All applications are tested during development and if they find bugs in them, the testers write bug reports for developers. All these errors are corrected by the developers and the testers again check the application for the occurrence of these errors.
Some errors may not be noticed during the testing phase, and some can not be foreseen, and errors already arise from users, for example, the application crashes. Then the analyst system comes to the rescue. After all, users will not write us bug reports, and thanks to the analytics system, Burger King will see the errors, and we can fix them so that your application will work stably.
The mobile application Burger King uses one of the most famous services for the collection and analysis of statistics Appsee. Statistics are collected solely for the purpose of analyzing the quality of the application, identifying and eliminating possible errors, emergencies and the like. As in any statistics, mass indicators are important here. Any private confidential user data, in this sense, is not of interest and is not collected.
One of the important features of Appsee statistics is the recording of video from the screen while the application is running. This allows for a much higher-quality level to provide technical support for the application, to detect and eliminate various shortcomings.
The concern of users in collecting statistics and especially recording video is understandable. Let's see how this happens and what data eventually gets into the analytics system.
Recording and transmission of video is made in about 10% of users, which are selected randomly.
Recording and transfer of video occurs only if there is a Wi-Fi connection and is never made through mobile networks. www.appsee.com/tutorials/recording-settings
Video recording is performed with extremely low quality to ensure a low load on the device's resources and data transmission channels.
When recording video, all the data entry fields, passwords and images from the camera are automatically hidden. In analytics they are seen as black rectangles.
Screenshot from the Appsee control panel. The input fields are closed with black rectangles.
ACT II. Where we see how the data is hidden and disassemble the screenshots with Pikabu
Appsee, as a very large company on the market, strictly adheres to all existing laws on working with personal and other user data. In particular, the European requirements of the GDPR, which are much even stricter than the Russian ones.
The Appsee SDK automatically detects and hides all fields of data entry, passwords and images from the camera. This can be seen on the screenshot of the very same fennikami - The author of the post on Pikabu. Two lines that say that all fields are hidden on the client itself when recording video:
Screenshot fennikami from the post on Pikabu
Hiding data is automatically written in the application code. And the Appsee SDK works in such a way that hiding the fields with personal data occurs before the entries leave the mobile device. Let's make sure of this.
Act III. Where we compare records on the phone and in the analytics system
The video is still in the phone
Thanks for the video norver , which checked what data is actually sent to the Appsee server in its post
The video came in Appsee
The video is recorded from the Appsee control panel.
Act IV. Where we sum up and reward Fennikami for curiosity
Your data is secure because:
Hiding personal data when recording video for analytics is written in the application code. Data is hidden before the mobile device leaves.
Burger King, e-Legion and Appsee do not have access to bank data of users. These data are not recorded, stored or transmitted to third parties.
Burger King only receives the name, email and phone number of the user in accordance with the User Agreement: burgerking.ru/legal_for_app
Recording video from screens helps to collect statistics in order to improve the performance of the application.
Appsee strictly adheres to all existing laws on the work with personal data of users. This is spelled out in their policy: www.appsee.com/legal/privacypolicy
Data transfer to the Appsee analytics service occurs only over Wi-Fi and does not consume mobile traffic
The author of the article under the name fennikami we want to express respect for inquisitiveness to the data of requests /answers. Still, do not sound the alarm before you learn all the features of the library or the SDK.
This we will teach - we give you free training in Academy of e-Legion . Choose a specialty and write to [email protected] to gain access to the curriculum.
It may be interesting
Lisa Zahner, an active investor and a recognized leader in San Francisco’s commercial real estate market, specializes in Multifamily and Investment Real Estate. Check Out: Multifamily Real Estate