Glassbox

Glassbox is an Israeli software company. It sells session-replay analytics software and services.

History
As of October 2018, Glassbox had raised US$32.5 million of capital funding. In exchange for investing in Glassbox, Washington, DC, equity firm Updata Partners was given two Glassbox board seats.

In April 2020, Glassbox raised US$40 million in series C funding.

In October 2020, Glassbox acquired its rival SessionCam.

Privacy concerns
"Last year, we published an expose about how Glassbox’s SDK was being adopted by some customers, where they were not fully disclosing to their own customers just how their online actions were being monitored and tracked in the name of quality control; and how and if sensitive data was being sucked up in the process.

It turns out that the story did open up some cracks and help both Glassbox, its customers, and platform operators like Apple and Google (in the case of apps) get on the same page with how well these tools worked, and when."

- Ingrid Lunden

From at least as early as October 2018, Glassbox promoted its software as allowing its customers' websites or mobile apps to "see exactly what your customers do in real time". This prompted some Twitter users to express privacy concerns about Glassbox's software.

In February 2019, TechCrunch reported that numerous popular applications in Apple's iOS App Store used Glassbox software to record users' activities without the users' informed consent, which compromised users' privacy and contravened the rules of the iOS App Store. The affected apps included ones published by Abercrombie & Fitch, Air Canada, Expedia, Hollister, Hotels.com, and Singapore Airlines.

In response, Apple told app developers that if they continued to flout the rules of the iOS App Store, their apps would be removed from it. However, it was not clear whether Apple's request was heeded.

Following TechCrunch's investigation, security researchers from Symantec's enterprise mobile threat division found 277 iOS apps and 291 Android apps that employed Glassbox software, including a number of banking and credit card apps, "putting a user's financial information at risk of exposure". Google, whose Play Store is the Android counterpart of the iOS App Store, did not comment on whether it would expect Android app developers to remove session-replay functionality.

Anti-malware company Avast observed that using session-replay analytics "without even mentioning it is not right, and probably illegal in some countries." Computer science professor Thomas Keenan, author of the book Technocreep, suggested that people who do not want a company to record their data like this should delete the app concerned. IT Pro reported that Glassbox retains session, demographic, and location data for up to 24 months, categorizing it by age, gender, and interests, and may combine it with other information obtained from other companies.