In recent days, T-Mobile customers stumbled upon an unannounced setting in the T-Mobile T-Life app that raised some eyebrows and has created a bit of a freakout. A new setting called “Screen recording tool” was found on select devices and was enabled with a description that doesn’t... #TMobile
It’s also android phones. All of the shots in the article are of android phones.
This is likely just recording sessions of the carrier’s app, not everything on your phone. Session recording for CS and UX is pretty common these days. It can be impossible to identify a problem unless you actually see what is happening in the app.
That said, you have to ask for consent for this shit. A lot of companies don’t alert customers when they release a new tool that requires privacy consent.
To help us give customers who use T-Life a smoother experience, we are rolling out a new tool in the app that will help us quickly troubleshoot reported or detected issues. This tool records activities within the app only and does not see or access any personal information. If a customer’s T-Life app currently supports the new functionality, it can be turned off in the settings under preferences.
So yes, it can only see itself, i.e. within the T-Mobile app. It’s still dumb.
I’m not well versed enough in Android app development to answer whether or not one userspace app can even access the screen contents of another app without root or special permissions, but it wouldn’t surprise me if there are several roadblocks in that path on the part of the OS for obvious reasons.
That’s not possible without a permission prompt (on both iOS and android). So there’s no changing the goalposts like you suggest, without the user giving explicit permission.
It’s not possible at all, no permission exists that lets an Android app record something in another app. Much to the sadness of the mobile Hearthstone community that would love collection managers and stat tracking apps like what PC and Mac have.
I’m not well versed enough in Android app development to answer whether or not one userspace app can even access the screen contents of another app without root or special permissions
This requires special permissions and explicit user approval every time an app starts screen recording, plus it shows a red notification whenever screen recording is active.
I think you could get by with a one-time user approval as a device administration or assistive app permission, which you’d need to manually grant in Settings. Unlikely anyone would do that by accident.
That might be different for system-level apps. I haven’t bought a carrier-branded phone in 10+ years so I’m not sure what that’s like these days.
It’s not possible on Android, which is incredibly disappointing because I play a card game exclusively on mobile, and would love to use a collection manager and stat tracking app. These exist for PC and Mac, but not for mobile because of the very hard no-record-other-apps wall.
That would be a pretty big security hole in iOS if that was allowed, but it isn’t. Notification and other UI elements are rendered on top of the underlying app, which does not have access to or cannot see the full screen’s canvas. We can see practical implementations of this “snapshot” test feature in code:
Not the tools I’ve used. A lot of them aren’t even actually recording video. They’re recording the user interactions in-app, then playing those back on a cached version of the experience that is hosted with the session recording company.
Sorta yes and no. T-Mobile US is its own corporate entity, but their majority shareholder is Deutsche Telekom, and they take their name from that company’s mobile service brand.
It’s also android phones. All of the shots in the article are of android phones.
This is likely just recording sessions of the carrier’s app, not everything on your phone. Session recording for CS and UX is pretty common these days. It can be impossible to identify a problem unless you actually see what is happening in the app.
That said, you have to ask for consent for this shit. A lot of companies don’t alert customers when they release a new tool that requires privacy consent.
This is so. At the bottom of the article it says:
So yes, it can only see itself, i.e. within the T-Mobile app. It’s still dumb.
I’m not well versed enough in Android app development to answer whether or not one userspace app can even access the screen contents of another app without root or special permissions, but it wouldn’t surprise me if there are several roadblocks in that path on the part of the OS for obvious reasons.
For quality assurance reasons, we’ve defined ‘within the app’ as ‘everything on the phone while our app is running in the background’.
That’s not possible without a permission prompt (on both iOS and android). So there’s no changing the goalposts like you suggest, without the user giving explicit permission.
It’s not possible at all, no permission exists that lets an Android app record something in another app. Much to the sadness of the mobile Hearthstone community that would love collection managers and stat tracking apps like what PC and Mac have.
Yeah, it’s possible with something like Shizuku. scrcpy works via adb, so something similar could work on-device.
It’s just not a part of Android’s standard permission system.
This requires special permissions and explicit user approval every time an app starts screen recording, plus it shows a red notification whenever screen recording is active.
I think you could get by with a one-time user approval as a device administration or assistive app permission, which you’d need to manually grant in Settings. Unlikely anyone would do that by accident.
That might be different for system-level apps. I haven’t bought a carrier-branded phone in 10+ years so I’m not sure what that’s like these days.
Last I checked, you can have a system app as an accessability provider and be enabled by default
It’s not possible on Android, which is incredibly disappointing because I play a card game exclusively on mobile, and would love to use a collection manager and stat tracking app. These exist for PC and Mac, but not for mobile because of the very hard no-record-other-apps wall.
several ways
You’d need something to hook into the memory or storage of the app I guess?
Lemmy bring biased again?
OP literally changed the title to include iPhone when the actual title from the link says screen recording.
The article was updated. That may have been the original title since this was first discovered on an iPhone.
Buy yeah, OP should update this headline. Especially since it probably hits a lot more Lemmy users than originally reported.
I wonder if this would include on-screen notifications.
That would be a pretty big security hole in iOS if that was allowed, but it isn’t. Notification and other UI elements are rendered on top of the underlying app, which does not have access to or cannot see the full screen’s canvas. We can see practical implementations of this “snapshot” test feature in code:
https://github.com/uber/ios-snapshot-test-case
Not the tools I’ve used. A lot of them aren’t even actually recording video. They’re recording the user interactions in-app, then playing those back on a cached version of the experience that is hosted with the session recording company.
Sorry to lazy to go through articles like this, do they mention if this is just in the US or something? Or do they also do this in the EU?
Does T-Mobile operate in Europe? I thought they were a US carrier.
Sorta yes and no. T-Mobile US is its own corporate entity, but their majority shareholder is Deutsche Telekom, and they take their name from that company’s mobile service brand.
They are German as far as I am aware, but that doesnt mean they do the same crap in Europe as they do in the US hence my question
The article doesn’t specify where and they don’t say T-Mobile US. They do say that it’s the T-Life app that records the screen while using it.