Apple Removes Over 250 Apps That Accessed Personal Information of Users
In an attempt to up its security, Apple got rid of over 250 apps from its App Store. These apps were using a software developed by a Chinese firm called Youmi which allowed them access to the user’s personal details like email address and the serial number of their smartphone. According to sources, the apps received a total of 1 million downloads.
The apps which relied on Youmi’s SDK, mostly made by companies and firms based in China, may not have willingly or knowingly violated Apple’s secutrity. As is backed by SourceDNA’s blog post:
“We believe the developers of these apps aren’t aware of this since the SDK is delivered in binary form, obfuscated, and user info is uploaded to Youmi’s server, not the app’s. We recommend developers stop using this SDK until this code is removed.”
This security issue was brought to light by SourceDNA when they were updating their own product called Searchlight. Searchlight inspects the security and checks apps for security violations. SourceDNA later on went ahead to comment in their blog post, “We’re concerned other published apps may be using different but related approaches to hide their malicious behavior.”
Apple on the other hand, issued the following statement:
“We’ve identified a group of apps that are using a third-party advertising SDK, developed by Youmi, a mobile advertising provider, that uses private APIs to gather private information, such as user email addresses and device identifiers, and route data to its company server. This is a violation of our security and privacy guidelines. The apps using Youmi’s SDK will be removed from the App Store and any new apps submitted to the App Store using this SDK will be rejected. We are working closely with developers to help them get updated versions of their apps that are safe for customers and in compliance with our guidelines back in the App Store quickly.”
Source: [tw-button size=”medium” background=”#07ABE2″ color=”” target=”_blank” link=”https://sourcedna.com/blog/20151018/ios-apps-using-private-apis.html”]SourceDNA[/tw-button]