• Ghostalmedia@lemmy.world
    link
    fedilink
    English
    arrow-up
    230
    arrow-down
    2
    ·
    5 months ago
    1. It’s also android phones. All of the shots in the article are of android phones.

    2. This is likely just recording sessions of the carrier’s app, not everything on your phone. Session recording for CS and UX is pretty common these days. It can be impossible to identify a problem unless you actually see what is happening in the app.

    That said, you have to ask for consent for this shit. A lot of companies don’t alert customers when they release a new tool that requires privacy consent.

    • dual_sport_dork 🐧🗡️@lemmy.world
      link
      fedilink
      English
      arrow-up
      53
      ·
      5 months ago

      This is so. At the bottom of the article it says:

      To help us give customers who use T-Life a smoother experience, we are rolling out a new tool in the app that will help us quickly troubleshoot reported or detected issues. This tool records activities within the app only and does not see or access any personal information. If a customer’s T-Life app currently supports the new functionality, it can be turned off in the settings under preferences.

      So yes, it can only see itself, i.e. within the T-Mobile app. It’s still dumb.

      I’m not well versed enough in Android app development to answer whether or not one userspace app can even access the screen contents of another app without root or special permissions, but it wouldn’t surprise me if there are several roadblocks in that path on the part of the OS for obvious reasons.

      • underline960@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        21
        arrow-down
        7
        ·
        5 months ago

        For quality assurance reasons, we’ve defined ‘within the app’ as ‘everything on the phone while our app is running in the background’.

        • pixely@lemmy.world
          link
          fedilink
          English
          arrow-up
          12
          ·
          5 months ago

          That’s not possible without a permission prompt (on both iOS and android). So there’s no changing the goalposts like you suggest, without the user giving explicit permission.

          • Lyrl@lemm.ee
            link
            fedilink
            English
            arrow-up
            3
            ·
            5 months ago

            It’s not possible at all, no permission exists that lets an Android app record something in another app. Much to the sadness of the mobile Hearthstone community that would love collection managers and stat tracking apps like what PC and Mac have.

            • Refurbished Refurbisher@lemmy.sdf.org
              link
              fedilink
              English
              arrow-up
              2
              ·
              edit-2
              5 months ago

              Yeah, it’s possible with something like Shizuku. scrcpy works via adb, so something similar could work on-device.

              It’s just not a part of Android’s standard permission system.

        • disguy_ovahea@lemmy.world
          link
          fedilink
          English
          arrow-up
          10
          ·
          5 months ago

          The API for iOS screen recording is sandboxed to the app itself. There is currently no system-wide screen recording API for developers.

          • kalleboo@lemmy.world
            link
            fedilink
            English
            arrow-up
            7
            ·
            edit-2
            5 months ago

            iOS does have an API for apps to record the screen throughout the OS these days through Broadcast Extensions, but it has to be user-initiated through the control center screen recording toggle (where they then get to pick what app to record the screen to instead of just saving as a video), it wouldn’t do that people think the T-Mobile app is doing

            • disguy_ovahea@lemmy.world
              link
              fedilink
              English
              arrow-up
              3
              ·
              5 months ago

              I see it now. Yes, broadcasting is available, but with the limitations you’ve specified. Thanks for the update/correction!

      • AnAmericanPotato@programming.dev
        link
        fedilink
        English
        arrow-up
        9
        ·
        5 months ago

        I’m not well versed enough in Android app development to answer whether or not one userspace app can even access the screen contents of another app without root or special permissions

        This requires special permissions and explicit user approval every time an app starts screen recording, plus it shows a red notification whenever screen recording is active.

        I think you could get by with a one-time user approval as a device administration or assistive app permission, which you’d need to manually grant in Settings. Unlikely anyone would do that by accident.

        That might be different for system-level apps. I haven’t bought a carrier-branded phone in 10+ years so I’m not sure what that’s like these days.

        • Hello Hotel@lemmy.world
          link
          fedilink
          English
          arrow-up
          5
          ·
          edit-2
          5 months ago

          Last I checked, you can have a system app as an accessability provider and be enabled by default

      • Lyrl@lemm.ee
        link
        fedilink
        English
        arrow-up
        1
        ·
        5 months ago

        It’s not possible on Android, which is incredibly disappointing because I play a card game exclusively on mobile, and would love to use a collection manager and stat tracking app. These exist for PC and Mac, but not for mobile because of the very hard no-record-other-apps wall.

      • Ghostalmedia@lemmy.world
        link
        fedilink
        English
        arrow-up
        25
        ·
        5 months ago

        The article was updated. That may have been the original title since this was first discovered on an iPhone.

        Buy yeah, OP should update this headline. Especially since it probably hits a lot more Lemmy users than originally reported.

      • bluemellophone@lemmy.world
        link
        fedilink
        English
        arrow-up
        11
        ·
        5 months ago

        That would be a pretty big security hole in iOS if that was allowed, but it isn’t. Notification and other UI elements are rendered on top of the underlying app, which does not have access to or cannot see the full screen’s canvas. We can see practical implementations of this “snapshot” test feature in code:

        https://github.com/uber/ios-snapshot-test-case

      • Ghostalmedia@lemmy.world
        link
        fedilink
        English
        arrow-up
        7
        ·
        5 months ago

        Not the tools I’ve used. A lot of them aren’t even actually recording video. They’re recording the user interactions in-app, then playing those back on a cached version of the experience that is hosted with the session recording company.

    • Vinstaal0@feddit.nl
      link
      fedilink
      English
      arrow-up
      2
      ·
      5 months ago

      Sorry to lazy to go through articles like this, do they mention if this is just in the US or something? Or do they also do this in the EU?

        • Thrashy@lemmy.world
          link
          fedilink
          English
          arrow-up
          6
          ·
          5 months ago

          Sorta yes and no. T-Mobile US is its own corporate entity, but their majority shareholder is Deutsche Telekom, and they take their name from that company’s mobile service brand.

        • Vinstaal0@feddit.nl
          link
          fedilink
          English
          arrow-up
          1
          ·
          5 months ago

          They are German as far as I am aware, but that doesnt mean they do the same crap in Europe as they do in the US hence my question

          • LilB0kChoy@lemm.ee
            link
            fedilink
            English
            arrow-up
            2
            ·
            5 months ago

            The article doesn’t specify where and they don’t say T-Mobile US. They do say that it’s the T-Life app that records the screen while using it.

  • RickRussell_CA@lemmy.world
    link
    fedilink
    English
    arrow-up
    53
    arrow-down
    3
    ·
    5 months ago

    with price increases a frequent occasion in recent times

    Good grief this article was padded for length. Who speaks like that? How hard is it to write “with recent price increases”?

  • FancyPantsFIRE@lemm.ee
    link
    fedilink
    English
    arrow-up
    48
    arrow-down
    1
    ·
    5 months ago

    Man, that pendulum swing from “the uncarrier” to full blown horrible large corporation. That merger with Sprint sure has made things better for customers, right?

  • FreedomAdvocate@lemmy.net.au
    link
    fedilink
    English
    arrow-up
    53
    arrow-down
    6
    ·
    5 months ago

    The only issue here is that it was turned on by default.

    It only records your use of the T-mobile app, and specifically tells you what it’s doing any why you’d use it. Off should be the default.

  • Clent@lemmy.dbzer0.com
    link
    fedilink
    English
    arrow-up
    43
    arrow-down
    1
    ·
    5 months ago

    It’s only recording screens within the app. This sounds like an analytics tools. Any webpage can do this, common usage is click tracking.

    • AlecSadler@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      11
      ·
      5 months ago

      Yup. Worked briefly for a company that would “snapshot” the browser view quite often, enough where if an issue arose we could somewhat replay the user’s interactions to try and repro the issue.

          • AlecSadler@sh.itjust.works
            link
            fedilink
            English
            arrow-up
            1
            ·
            5 months ago

            Definitely not OK. But it exists and I don’t think people realize it goes beyond tracking clicks to taking actual screenshots that can be stitched together practically as a video. It sucks.

          • douglasg14b@lemmy.world
            link
            fedilink
            English
            arrow-up
            1
            ·
            edit-2
            5 months ago

            Did I say that it did?

            No?

            Then why the rhetorical question for something that I never stated?


            Now that we’re past that, I’m not sure if I think it’s okay, but I at least recognize that it’s normalized within society. And has been for like 70+ years now. The problem happens with how the data is used, and particularly abused.

            If you walk into my store, you expect that I am monitoring you. You expect that you are on camera and that your shopping patterns, like all foot traffic, are probably being analyzed and aggregated. What you buy is tracked, at least in aggregate, by default really, that’s just volume tracking and prediction.

            Suffice to say that broad customer behavior analysis has been a thing for a couple generations now, at least.

            When you go to a website, why would you think that it is not keeping track of where you go and what you click on in the same manner?

            Now that I’ve stated that I do want to say that the real problems that we experience come in with how this data is misused out of what it’s scope should be. And that we should have strong regulatory agencies forcing compliance of how this data is used and enforcing the right to privacy for people that want it removed.

  • InfiniteHench@lemmy.world
    link
    fedilink
    English
    arrow-up
    27
    ·
    5 months ago

    This type of gross invasion should be illegal and land executives and developers in jail. Look at how Germany jailed VW executives and developers behind a massive emissions testing fraud incident. Enough is enough

      • InfiniteHench@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        ·
        5 months ago

        I am getting so cynical I think I’m just gonna choose to reject this reality and hang onto my own and believe he’s actually serving time

    • fwdbias@lemm.ee
      link
      fedilink
      English
      arrow-up
      5
      arrow-down
      1
      ·
      5 months ago

      Yyeeeaaahh sorry no those are rich people you’re talking about we don’t jail them around here.

  • orca@orcas.enjoying.yachts
    link
    fedilink
    English
    arrow-up
    13
    arrow-down
    1
    ·
    5 months ago

    Tons of corporate software out there will record user sessions in order to debug issues and replay a user’s interactions so an engineer can review it. Take a look at tools like Hotjar, Logrocket, and Fullstory.

    Not making excuses for them and it’s probably less insidious than this makes it out to be, but people should be aware that this is not uncommon at all.

  • ipkpjersi@lemmy.ml
    link
    fedilink
    English
    arrow-up
    12
    arrow-down
    4
    ·
    edit-2
    5 months ago

    They’re straight up screen recording customers? That’s crazy.

    The crazier thing is, T-Mobile is in USA which means they’re going to get away with it.

      • ipkpjersi@lemmy.ml
        link
        fedilink
        English
        arrow-up
        1
        arrow-down
        2
        ·
        5 months ago

        They aren’t what, they aren’t in USA? They do business in USA.

        They aren’t going to get away with it? Yes they are, they are a large corporation in USA.

        • ayyy@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          6
          ·
          5 months ago

          They aren’t recording the screen everywhere all the time like the shitty article implies. Literally every website and app you use does the same thing as this T-Mobile app.

          • ipkpjersi@lemmy.ml
            link
            fedilink
            English
            arrow-up
            2
            arrow-down
            2
            ·
            5 months ago

            Literally every website and app you use does the same thing as this T-Mobile app.

            Do you have a source for this?

            • douglasg14b@lemmy.world
              link
              fedilink
              English
              arrow-up
              4
              ·
              edit-2
              5 months ago

              I build software and can confirm this.

              This is pretty run-of-the-mill analytics and user session recording. There’s nothing surprising here.

              Usually it’s not actual screen recording but rather user action diff recording (Which effectively acts like recording the application except that it only records things that changed so that the recording is much cheaper to store)

              This is extremely effective for tracking down bugs, solving user support issues with software, or watching session recordings to figure out if users are using the software in unexpected ways.

              • ipkpjersi@lemmy.ml
                link
                fedilink
                English
                arrow-up
                3
                ·
                edit-2
                5 months ago

                Usually it’s not actual screen recording but rather user action diff recording

                Oh it’s essentially just a heatmap (or maybe event sourcing might be a more accurate way of describing it)? That’s fine then. Nobody called it that so I didn’t know that’s what was actually being talked about.

                I thought we were talking about actually recording the screen itself.

            • Lv_InSaNe_vL@lemmy.world
              link
              fedilink
              English
              arrow-up
              3
              ·
              5 months ago

              do you have a source for this

              Literally any analytics module will do this. Basically every major website you go to will do something similar.

    • Ghostalmedia@lemmy.world
      link
      fedilink
      English
      arrow-up
      5
      ·
      5 months ago

      Depends on the tool. A lot of them are only logging interactions. They then “play” those interactions over a cached version of the experience to show you a “recording.”

  • zephorah@lemm.ee
    link
    fedilink
    English
    arrow-up
    3
    arrow-down
    3
    ·
    5 months ago

    I admit, my skepticism regarding these companies has me leaving a black sticker on my selfie cam for a couple years now.