Apple has removed numerous apps from the App Store following the discovery that a third-party advertising SDK — developed by Chinese firm Youmi — was using private APIs to record user information in violation of official App Store guidelines.
The APIs found in affected apps were gathering data like email addresses and device identifiers, and funneling them to a Youmi-run server, Apple confirmed to code analytics firm SourceDNA. Any future apps employing the SDK will be rejected outright.
"We are working closely with developers to help them get updated versions of their apps that are safe for customers and in compliance with our guidelines back in the App Store quickly," Apple added.
SourceDNA's binary analysis discovered 256 apps based on the SDK, which have cumulatively been downloaded about a million times. The firm noted that on top of serial numbers and email addresses, the APIs were gathering lists of installed apps.
Youmi's data collection efforts appear to extend back almost two years, and may have become more brazen over time, with new tricks to hide activities and circumvent Apple security methods.
The App Store's reputation for being a safe haven has come under serious fire in the past month, with incidents like vulnerabilities in content blockers and the YiSpecter and XcodeGhost malware infections undermining confidence.
45 Comments
It's time for devs to stop trusting Chinese code. Apple also needs to start revamping the review process, and changing it randomly and frequently. This is only going to get worse as the money continues to migrate to iOS. There's just not much value in Bamadou Funkautu's information from Nambia.
What apps are we talking about? Would be nice to know.
So, like .002% (256) apps out of 1.7 billion apps... makes headlines... freaking amazing. And Apple already removed the apps.
Hopefully Apple is channeling the great Jason Nesmith: Never surrender! Never Give up! I imagine there are Galaxy Quest posters at Apple HQ next to the "Hang in There Baby" kitty posters.
The question here is, does the app store in those countries put their apps through the same rigorous validation as those in the U.S.? If that answer is NO, then, in my opinion, Apple needs to ban those countries that have shown an all-in-out disrespect for the reviewal process and those users who are using those apps. Better yet, only allow apps that are made in the U.S. be accessed by U.S. customers.