China's ad firm Youmi apologizes for data-harvesting APIs used in pulled iOS apps

article thumbnail

AppleInsider is supported by its audience and may earn commission as an Amazon Associate and affiliate partner on qualifying purchases. These affiliate partnerships do not influence our editorial content.

Chinese mobile advertiser Youmi on Tuesday offered "sincere apologies" for supplying an SDK to developers that contained data-collecting private APIs in violation of App Store rules.

In a statement, Youmi said that it was working with Apple to fix the situation, according to Dow Jones. For developers whose apps were removed from the App Store, the company is also promising "reasonable compensation once this matter has been properly resolved."

Earlier this week, code anayltics firm SourceDNA revealed that Youmi's APIs were collecting information such as email addresses, device identifiers, and lists of installed apps. The data was then uploaded to a remote server. At least 256 apps relied on Youmi's SDK, but Apple has since pulled them and banned future use of the SDK.

SourceDNA suggested that Youmi's activities were intentionally deceptive, with programming tricks evolving over the course of nearly two years to keep the data collection hidden and avoid Apple safeguards.

Apple is typically strict about the code that makes it into App Store titles, but in the past month has had to deal with the YiSpecter and XcodeGhost malware infections, as well as serious vulnerabilities in some content blockers.