Apple removes certain content blockers from iOS App Store over security concerns

By AppleInsider Staff

In a bid to protect users against potential man-in-the-middle attacks, Apple on Thursday confirmed the removal of multiple iOS content blockers, also referred to as ad blockers, that relied on the installation of root certificates to operate.

The removal of root certification-based content blocking apps essentially reduces the potential of attack by cutting off outside access to otherwise secure data connections, reports iMore.

Apps that rely on root certification installations, like popular option Been Choice, go further than vanilla Safari ad-blocking extensions by sending off user network data to offsite servers, where offending content is filtered out. This system, while more comprehensive in its protection of apps outside of Safari, opens users to potential attacks as monitored traffic could be intercepted at a content blocker's servers.

"Apple is deeply committed to protecting customer privacy and security," an Apple spokesman told iMore. "We've removed a few apps from the App Store that install root certificates which enable the monitoring of customer network data that can in turn be used to compromise SSL/TLS security solutions. We are working closely with these developers to quickly get their apps back on the App Store, while ensuring customer privacy and security is not at risk."

The company did not specify which apps were affected by the takedown.

As noted by the publication, Apple's team created a safer solution in Safari View Controller that does not require an ad blocker to track network activity on its own.

Selective content blocking was introduced in iOS 9 to prevent malicious apps from surreptitiously gathering sensitive customer data. Apple's ad blocking mechanism went under the microscope last month when it was learned that popular blocker Crystal allowed certain advertisers to pay to bypass its filters.