Apple removes hundreds of apps from App Store, third-party APIs found to collect private information

Posted by:
Date: Monday, October 19th, 2015, 08:02
Category: Developer, iOS, News, privacy, Software


Well, this is a bit of a mess.

Code analytics platform SourceDNA has found hundreds of apps on the App Store that used private APIs (Application Programming Interfaces) to collect private user data, like email addresses and device identifiers, slipping under Apple’s radar in the approval process. The code got into these apps through the inclusion of a mischievous third-party advertising SDK, which secretly stored this data and sent it off to its own servers.

Apple has confirmed that the SourceDNA report contributed to its removing all of the apps that included the advertising SDK from the store, as using private API calls is a breach of App Review Guidelines. Apple has also patched its approval processes to prevent any more apps that use this technique to make it onto the App Store.

The SDK in question emerged from a Chinese advertising company, Youmi.

The SDK used a variety of techniques and APIs to collect identifying personal information it shouldn’t normally be able to. This includes serial numbers, peripheral serial numbers, lists of installed apps and obtaining the user’s Apple ID email. The analytics company speculates Youmi became more confident with its methods over time, slowly adding more and more data collection code over a two-year span.

The lion’s share of the offending apps targeted the Chinese market. Since then, Apple has released the following statement:

“We’ve identified a group of apps that are using a third-party advertising SDK, developed by Youmi, a mobile advertising provider, that uses private APIs to gather private information, such as user email addresses and device identifiers, and route data to its company server. This is a violation of our security and privacy guidelines. The apps using Youmi’s SDK have been removed from the App Store and any new apps submitted to the App Store using this SDK will be rejected. We are working closely with developers to help them get updated versions of their apps that are safe for customers and in compliance with our guidelines back in the App Store quickly.”

Stay tuned for additional details as they become available.

Via 9to5Mac

Recent Posts