256 App Store apps found using ad SDK collecting private data

JC Torres - Oct 19, 2015, 8:35pm CDT

Apple is known, even notorious, for its tight grip on which apps get into its App Store. While sometimes viewed as a rather heavy-handed or authoritarian approach, it has also been praised for curbing the number of low-quality apps and malware. Lately, however, some seem to have slipped through the cracks. This latest App Store violation even numbers in the hundreds. Code analytics service SourceDNA has discovered more than 200 iOS apps accepted on the App Store that use an advertising SDK that collects users’ private data.

Of course, iOS apps normally shouldn’t be able to access certain pieces of information, and Apple explicitly prohibits such access. Chinese advertising company Youmi, however, was able to find some loopholes in Apple’s usually strict review process, allowing 256 apps using its advertising SDK to be published on the App Store. Through those apps and using private APIs, Youmi was able to glean details such as serial numbers, apps installed, and even the owner’s Apple ID email, and send those to the company’s servers.

Apple has acknowledged the situation and has removed the offending apps from the App Store listings. Any app using Youmi’s SDK that tries to get into the App Store will be automatically rejected simply on the basis of using that SDK. Of course, app developers might not be aware of Youmi’s underhanded tactics, so Apple will be assisting them in fixing this matter. Here’s Apple’s statement regarding the matter:

“We’ve identified a group of apps that are using a third-party advertising SDK, developed by Youmi, a mobile advertising provider, that uses private APIs to gather private information, such as user email addresses and device identifiers, and route data to its company server. This is a violation of our security and privacy guidelines. The apps using Youmi’s SDK have been removed from the App Store and any new apps submitted to the App Store using this SDK will be rejected. We are working closely with developers to help them get updated versions of their apps that are safe for customers and in compliance with our guidelines back in the App Store quickly.”

This is just the latest in a string of policy violations that are plaguing Apple’s Chinese App Store. Recently, malware from an unofficial Xcode installer infected numerous Chinese iOS apps, and those infected apps also got through the review process. Given this new trend, SourceDNA worries that there might still be other exploits that have gotten past review as well.

SOURCE: SourceDNA
VIA: 9to5Mac
