Apple Removes Hundreds of App Store Apps for Stealing User Data

More than 250 applications in the Apple App Store are being removed after a code watchdog company found that they were secretly collecting users' personal data and sending that information to a Chinese firm that provided the advertising SDK for those apps.

While scanning apps to expand support for its Searchlight code analysis service, SourceDNA identified 256 apps in the Apple store that were built on an SDK (software development kit) from Youmi that violated users' privacy. Code in that SDK provided Youmi with user information on installed apps, platform serial numbers, serial numbers of peripherals and AppleIDs/e-mail addresses.

Youmi appears to have started experimenting with ways to obfuscate the actions of its SDK about two years ago, according to SourceDNA's investigation. Most of the developers using the SDK were likely unaware of this, as user data was uploaded directly to Youmi's server, SourceDNA noted, adding that the affected apps have been downloaded about 1 million times, and most of their developers are based in China.

'Violation of Security and Privacy Guidelines'

SourceDNA founder Nate Lawson told us his company notified Apple of its findings last week. Apple was also provided with a complete list of the apps built with the Youmi SDK.

In response, Apple released the following statement via a spokesperson: "We've identified a group of apps that are using a third-party advertising SDK, developed by Youmi, a mobile advertising provider, that uses private APIs to gather private information, such as user e-mail addresses and device identifiers, and route data to its company server. This is a violation of our security and privacy guidelines."

The statement added that Apple will remove any apps using Youmi's SDK from its store, and will reject any new ones built on that SDK. "We are working closely with developers to help them get updated...
