Apple Removes Over 250 iOS Apps With Ad SDK That Collects Personal User Data

sourcedna, analytics service tracks ios , android code, has discovered hundreds of ios apps collect identifiable user information, including apple id email addresses , device identifiers, through chinese third-party advertising sdk called youmi prohibited app store guidelines.

​

analytics firm, using new developer tool searchlight, found 256 affected apps, estimated 1 million total downloads, using 1 of versions of youmi in violation of user privacy. report claims of developers used sdk located in china, , many unaware of threat since tool kit delivered in binary form , obfuscated.

ars technica explained in more detail information gathered "gradually on past year or so" apps using youmi:

quote

sourcedna researchers found 4 major classes of information gathered apps use youmi ad sdk. include:

1. list of apps installed on phone
2. platform serial number of iphones or ipads when run older versions of ios
3. list of hardware components on devices running newer versions of ios , serial numbers of these components, and
4. e-mail address associated user's apple id

click expand...

the personal info reportedly gathered via private apis , routed through youmi's servers in china.

apple released statement saying remove apps youmi app store, , reject future submissions using sdk:

quote

"we've identified group of apps using third-party advertising sdk, developed youmi, mobile advertising provider, uses private apis gather private information, such user email addresses , device identifiers, , route data company server. violation of our security , privacy guidelines. apps using youmi's sdk have been removed app store , new apps submitted app store using sdk rejected. working closely developers them updated versions of apps safe customers , in compliance our guidelines in app store quickly."

click expand...

sourcedna sent full list of affected apps apple, including official mcdonald's app in china, did not share publicly. developers can check if apps affected using analytics firm's searchlight tool.

discovery comes weeks after ios malware xcodeghost disclosed, arose malicious version of xcode, apple's official tool developing ios , os x apps. apple patched yispecter malware in ios 8.4.

article link: apple removes on 250 ios apps ad sdk collects personal user data

 

i think real question is: how many apps (and how long) have been making use of private apis using similar techniques? how many apps have in our devices have bypassed app store validation using similar procedures? , assure you, developer, not difficult thing @ all…

 

Forums News and Article Discussion MacRumors.com News Discussion

• iPhone
• Mac OS & System Software
• iPad
• Apple Watch
• Notebooks
• iTunes
• Apple ID
• iCloud
• Desktop Computers
• Apple Music
• Professional Applications
• iPod
• iWork
• Apple TV
• iLife
• Wireless