Apple has issued a statement that they had identified a number of apps that compromise private information from users and that this is a clear violation of the company’s security and privacy guidelines. In response, Apple says it will remove all harmful apps from the App Store while working with developers to get updated versions of their apps that don’t compromise user privacy.
It seems the security breach involving hundreds of apps in the Apple App Store was identified by a third-party company. App Store Intelligence company SourceDNA said that some developers managed to find a way to bypass Apple’s review process in order to extract personal information from users. In fact, the company found that as much as 256 apps in the Apple App Store violate user privacy. It has been estimated that these apps have collectively been downloaded a total of one million times.
The private information that may have been accessed include user email address (Apple ID), platform serial number, installed apps as well as the user’s other devices and its serial numbers. SourceDNA managed to spot the culprit quickly. What all compromised apps have in common is that they are using third-party advertising SDK codes, developed by mobile advertising provider from China, Youmi.
Furthermore, though most of the compromised apps were made by developers in China, SourceDNA believes these developers were not aware of these harmful SDK codes as they were delivered in binary form and are obfuscated. Moreover, the user info is uploaded to Youmi’s server, not the app developers’.
For their part, Apple says that apps submitted to the App Store using Youmi’s SDK codes will be rejected from now on.