Screen Recording on Apple iOS 11: Safety Features and Security Concerns

/
Image-1.jpg

Apple recently unveiled its newly updated operating system - iOS11 - for iPhone, iPad, and iPod Touch. The operating system offers a variety of new tools that will impact the lives of survivors of domestic violence. This two-part blog series will feature two of the new tools -  a screen recording feature and an Emergency SOS calling feature. In today’s blog, we will focus on the new screen recording tool.

As with most technologies, the iOS11 updates have potential to both help survivors, and to be misused by abusers. The screen record feature in iOS11 is a perfect example of a technology that has a mix of safety potential and privacy concerns.

While screen recording is new to iOS11, it isn’t actually a new feature for smartphones. Many devices that use Android operating systems have had the ability to record what’s happening on the screen for some time. Similarly, Apple users were able to record what was happening on the phone with a workaround that included plugging the phone into a computer. But while screen recording isn’t new, Apple has simplified the process, which means that survivors can now more easily record video of abusive behavior, like harassing text messages or threats made over video calls. (For more information on how to document abuse, check out our Documentation Tips resource.) Unfortunately, it also means it’s now easier for abusive people to make recordings that they can use maliciously as a tactic of abuse.

One major concern is that the new screen record button will allow individuals to secretly record Snaps sent using Snapchat. One of the primary selling points of sending a Snap is that it automatically disappears after a person sees it. Previously, the only way for someone who receives a Snap to keep a copy of it was to take a screenshot. To protect against privacy concerns related to screenshots, Snapchat created a feature that informs the sender if a screenshot was taken of their Snap. But the new screen record button is able to record Snaps without alerting the sender.

While this may help survivors of domestic violence document abusive Snaps, it can also be misused by an abusive person, particularly because many people use Snapchat to discuss sexual topics and share intimate images. If these images can be secretly captured, it’s more likely that an abusive person can keep them without the victim’s knowledge and later use the recordings to threaten, blackmail, or otherwise harm the sender.

IMPORTANT: Snapchat is attempting to fix the issue in its latest software update, but the screen record button will still be able to secretly record Snaps if the sender has not installed the latest version of Snapchat.  

WHAT CAN YOU DO TO STAY SAFE?

  • If you use Snapchat, make sure you have the latest update installed.

  • If you use an Apple device, learn how to use the screen record button after you install iOS11.

  • Learn more about documenting abusive behavior and talk to a local advocate if you think you’re experiencing abusive behavior (you can find services near you by calling the National Domestic Violence Hotline).

  • If you’re trying to use the screen record button to record a Snap in order to document abusive behavior by the other person, just know that it’s possible that the other person may know you made a recording. We recommend being careful before recording abusive Snaps because it is possible that the abusive person could be made aware that you have recorded the abusive behavior, which may place you in danger.

  • Recording another person (in person, on the phone, or on a video call) is illegal in some states if you do not receive permission. If you do decide to use the recording feature to record another person, it is important that you comply with your state’s recording laws. Check here to learn about your state’s recording laws.

Also – always remember that it’s never ok for someone to take pictures or videos of you without your consent, coerce you to take and send images or videos, or keep images or videos you send in private when you have an expectation that they have been deleted. If you are concerned that somebody has inappropriately taken or retained pictures or videos of you, please contact us at safetynet@nnedv.org or reach out to the Cyberviolence Civil Rights Initiative.

This project was supported by Grant No. 2016-TA-AX-K069 awarded by the Office on Violence Against Women, U.S. Department of Justice. The opinions, findings, conclusions, and recommendations expressed in this program are those of the author(s) and do not necessarily reflect the views of the Department of Justice, Office on Violence Against Women.

 

Safety Check

/

If you think your activities (online and offline) are being monitored, you are probably right. People who are abusive often want to know their victim’s every move and interaction. If this is something you’re experiencing, it’s important to think through how they might be tracking your online activity. These tips can help you think through how to access information online more safely:

  • Computers, mobile devices, and online accounts store a lot of private information about what you view online – the websites you visit (like this one), the things you search for, the emails and instant messages you send, the online videos you watch, the things you post on social media, the online phone or IP-TTY calls you make, your online banking and purchasing, and many others. 

  • If your mobile device or computer are easily accessible to the abuser, be careful how you use it. You may want to keep using those devices for activities that won’t trigger violence – like looking up the weather – and find safe devices (like a public computer at the library) to look up information about how to get help.

  • If the person who is abusive has access to your online accounts (social media, email, phone bill, etc), or has had access to them in the past, it is often helpful to update the usernames and passwords for those accounts from a safer device.

  • You can also set up a new email address that they aren’t aware of, and connect your online accounts to it (rather than the old email address they know). It can be helpful to make the new address something that is more anonymous, instead of using your actual name or a handle you are already known by.

  • Keep in mind, if you think you are being monitored, it might be dangerous to suddenly stop your online activity or stop them from accessing your accounts. You may want to keep using those devices or accounts for activities that won’t trigger violence – and find safer devices (like a public computer at the library) and accounts to look up information about how to get help, or to communicate with people privately.

  • Email, instant messaging and text messaging with domestic violence agencies leaves a detailed digital trail of your communication, and can increase the risk that your abuser will know not only that you communicated, but the details of what you communicated. When possible, it’s best to call a hotline. If you use email, instant messaging, or text messaging, try to do so on a device and account that the abuser doesn’t know about or have access to, and remember to erase any messages you don’t want the abusive partner to see.

Check out NNEDV’s Technology Safety & Privacy Toolkit for Survivors for more important information.

This project was supported by Grant No. 2016-TA-AX-K069 awarded by the Office on Violence Against Women, U.S. Department of Justice. The opinions, findings, conclusions, and recommendations expressed in this program are those of the author(s) and do not necessarily reflect the views of the Department of Justice, Office on Violence Against Women.

 

So, You Wanna Build an App? App Security

/

This post is part of the “So You Wanna Build an App” series. The other posts include: “What to Consider Before Developing an App,” “Know Your Audience,” and “Safety First.” This series is based on lessons we learned when developing the NNEDV Tech Safety App, and in reviewing dozens of apps created for victims of domestic violence, sexual assault, and stalking. Our reviews can be found in the App Safety Center.

 In the “Safety First” post, we talked about how to minimize risks for users when you build the app. Another concern that app developers must be aware of is security—both security of the app itself and security of the data that the app collects from users.

Minimize User Data & Secure What You Store

User data can include anything from asking users to create an account with a username and password to asking users to upload and store evidence of abuse. The first step to data security is to only collect the information needed in order to provide the service. Don’t ask for data you don’t need. For example, some apps require users to create an account when there is no obvious need for an account. Other apps require access to information on the device, such as the user’s contact list and calendar, even when that information has no relevance to the functionality of the app.

Also remember that some types of data are more sensitive than others. Sensitive data includes personally identifying information like name, birthdate, location, health/mental health information, and documentation of abuse. The exposure of sensitive data can have dangerous consequences for the survivor if it’s discovered by the abuser. For this reason, securing sensitive data from unintentional disclosure is crucial.

Develop your app in a way that doesn’t require users to share personal information, or that offers users multiple ways they can opt into or out of sharing personal information. For example, some safety apps allow users to contact someone through the app. Develop the app in a way that lets the user manually type in the contact information, rather than requiring that the app be connected to their contact list. Also remember - if your app is designed so that it can inform 2 or 3 contacts when the survivor needs help, the app does not need access to the entire address book. This is also helpful, because some users may want to input a safety contact, such as their domestic violence advocate or private attorney, who isn’t in their contact list.

App Security

For apps that collect no or minimal data from their users, the security issues are more about the app itself. Some apps are built to function fully on the device, where all the content is accessible via the downloaded app. Other apps require users to retrieve information online. Depending on how the online content is hosted, if someone was covertly watching the internet traffic, they might be able to find out the names of the websites and other content that’s being accessed. Think about where your online content is hosted and how that information is retrieved. As an example, in order to protect survivors, all of the videos on our Tech Safety App are hosted on a secure server, and the files are named in a way that obscures what they are in case someone is covertly watching the internet traffic.

Have a Security Framework and Policy

Anytime you ask users to share personal information with you, you need to know (and let them know) how you’ll keep that data secure. The security framework should encompass every level of engagement – from the time they share their information (account creation, uploading/downloading content) to when you store that information (on secure and encrypted servers) to how (and how often) you destroy content. Your security policy should be clear, and posted where users can easily review. It should also be very clear about when and how you might share their information with third parties such as law enforcement or courts.

Educate Users on Security

If your app encourages people to use third-party cloud storage like Dropbox to store personal information gathered via your app, provide tips and education on good security practices. Where appropriate, teach users to use strong passwords and multi-factor authentication. The better they understand the risks, and how to minimize those risks, the better they can navigate them and develop stronger safety strategies.

Thanks for reading this blog series! If you’re still curious for more, you can find great information on our website:

·       Technology Safety and Privacy: A Toolkit for Survivors

·       Agency’s Use of Technology: Best Practices & Policies

·       App Safety Center

Speaking of apps – check out NNEDV’s Tech Safety App! DC-based company 3Advance developed the CMS infrastructure and created the multi-platform mobile apps to bring to life the NNEDV Tech Safety App. If you’re an app developer or a victim service provider working with an app developer, be sure to check out our Considerations for App Developers resource!