Apple has pulled out 256 iOS apps from its App Store as they were accessing user’s personal information. The move comes following a report from analytics service SourceDNA, who apparently discovered some apps that were accessing a user’s sensitive personal information such as emails linked with their Apple IDs, the serial number of their device, installed apps and other personally identifiable information. These apps in question were using an SDK from a Chinese advertising company called Youmi, who were reportedly accessing this information via private API’s.
“We’ve identified a group of apps that are using a third-party advertising SDK, developed by Youmi, a mobile advertising provider, that uses private APIs to gather private information, such as user email addresses and device identifiers, and route data to its company server. This is a violation of our security and privacy guidelines. The apps using Youmi’s SDK will be removed from the App Store and any new apps submitted to the App Store using this SDK will be rejected. We are working closely with developers to help them get updated versions of their apps that are safe for customers and in compliance with our guidelines back in the App Store quickly,” said Apple in a statement confirming SourceDNA’s report.
As of now, it seems to be an isolated incident as most of the developers were located in China. Though it’s rather surprising to know how long this activity had been taking place and what it means to the credibility of the App Store review process, given the fact that a third-party had to come to the rescue as the company itself couldn’t figure out that this had been taking place right under their noses. However, SourceDNA notes that these developers who were primarily located in China, probably did not realize the data it was capturing.
“This is the first time we’ve found apps live in the App Store that are violating user privacy by pulling data from private APIs. It’s definitely the kind of stuff that Apple should have caught,” said Nate Lawson, founder of Source DNA.
The 256 apps (est. total of 1 million downloads) detected by SourceDNA were surprisingly accessing data that is clearly prohibited by Apple’s App Store rules. While the Chinese mobile ad provider Youmi siphoning sensitive personal user information is rather hard to get in touch with due to language barriers. Most of the apps affected are mostly China-based, which also includes the official McDonald’s restaurant app for Chinese speakers.
The Cupertino giant is now working with affected developers so that their apps meet Apple’s security and privacy guidelines and are fit to return to the App Store.