Apple Removes Over 250 iOS Apps With Ad SDK That Collects Personal User DataSourceDNA, an analytics service that tracks iOS and Android code, has
discovered hundreds of iOS apps that collect personally identifiable user information, including Apple ID email addresses and device identifiers, through a Chinese third-party advertising SDK called
Youmi that is prohibited by App Store guidelines.
<img src="
" alt="App-Store-About" width="800" height="369" class="aligncenter size-full wp-image-469552" />
The analytics firm, using its new developer tool
Searchlight, found 256 affected apps, with an estimated 1 million total downloads, using one of the versions of Youmi in violation of user privacy. Its report claims most of the developers who used the SDK are located in China, and that many were likely unaware of the threat since the tool kit is delivered in binary form and obfuscated.
Ars Technica explained in more detail about the information gathered "gradually over the past year or so" by apps using Youmi:
SourceDNA researchers found four major classes of information gathered by apps that use the Youmi ad SDK. They include:
1. A list of all apps installed on the phone
2. The platform serial number of iPhones or iPads themselves when they run older versions of iOS
3. A list of hardware components on devices running newer versions of iOS and the serial numbers of these components, and
4. The e-mail address associated with the user’s Apple ID
The personal info is reportedly gathered via private APIs and then routed through Youmi's servers in China.
Apple released a statement saying it will remove apps with Youmi from the App Store, and reject future submissions using the SDK:
“We’ve identified a group of apps that are using a third-party advertising SDK, developed by Youmi, a mobile advertising provider, that uses private APIs to gather private information, such as user email addresses and device identifiers, and route data to its company server. This is a violation of our security and privacy guidelines. The apps using Youmi’s SDK have been removed from the App Store and any new apps submitted to the App Store using this SDK will be rejected. We are working closely with developers to help them get updated versions of their apps that are safe for customers and in compliance with our guidelines back in the App Store quickly.”
SourceDNA sent a full list of affected apps to Apple, including the official
McDonald's app in China, but did not share it publicly. Developers can check if their apps are affected using the analytics firm's
Searchlight tool.
This discovery comes weeks after iOS malware
XcodeGhost was disclosed, which arose from a malicious version of Xcode, Apple's official tool for developing iOS and OS X apps. Apple also patched
YiSpecter malware in iOS 8.4.
Recent Mac and iOS Blog Stories •
Apple Store Once Called 'World's Biggest' Opens in China on October 24 •
Sprint Will Start Throttling Customers That Use More Than 23 GB a Month •
How to Customize Default Replies on Apple Watch •
MacRumors Giveaway: Win a 128GB Angelbird SSD2go Pocket from MEGAMAC •
Google Removes 'OK Google' Search Activation in Latest Chrome Update •
iPhone 6s Launches in India and 6 Other Countries, Coming to Thailand October 30 •
Review: 'Anchor' Offers Simple Apple Watch Charging, but With Drawbacks •
Apple Expands Lower App Store Pricing Tiers to Australia<br clear='all'/>
<a href="
http://rc.feedsportal.com/r/241226211451/u/49/f/648327/c/35070/s/4acb63ff/sc/28/rc/1/rc.htm" rel="nofollow"><img src="
http://rc.feedsportal.com/r/241226211451/u/49/f/648327/c/35070/s/4acb63ff/sc/28/rc/1/rc.img" border="0"/>[/url]
<a href="
http://rc.feedsportal.com/r/241226211451/u/49/f/648327/c/35070/s/4acb63ff/sc/28/rc/2/rc.htm" rel="nofollow"><img src="
http://rc.feedsportal.com/r/241226211451/u/49/f/648327/c/35070/s/4acb63ff/sc/28/rc/2/rc.img" border="0"/>[/url]
<a href="
http://rc.feedsportal.com/r/241226211451/u/49/f/648327/c/35070/s/4acb63ff/sc/28/rc/3/rc.htm" rel="nofollow"><img src="
http://rc.feedsportal.com/r/241226211451/u/49/f/648327/c/35070/s/4acb63ff/sc/28/rc/3/rc.img" border="0"/>[/url]
<img src="[url]http://da.feedsportal.com/r/241226211451/u/49/f/648327/c/35070/s/4acb63ff/sc/28/a2.img" border="0"/>[/url]
<img src="[url]http://adchoice.feedsportal.com/r/241226211451/u/49/f/648327/c/35070/s/4acb63ff/sc/28/ach.img" border="0"/>[/url]<img width="1" height="1" src="
http://pi.feedsportal.com/r/241226211451/u/49/f/648327/c/35070/s/4acb63ff/sc/28/a2t.img" border="0"/><img width="1" height="1" src="
http://pi2.feedsportal.com/r/241226211451/u/49/f/648327/c/35070/s/4acb63ff/sc/28/a2t2.img" border="0"/><img width='1' height='1' src='
' border='0'/><div class="feedflare">
<img src="[url]http://feeds.feedburner.com/~ff/MacRumors-Front?d=yIl2AUoC8zA" border="0"></img>[/url]
<img src="[url]http://feeds.feedburner.com/~ff/MacRumors-Front?d=6W8y8wAjSf4" border="0"></img>[/url]
<img src="[url]http://feeds.feedburner.com/~ff/MacRumors-Front?d=qj6IDK7rITs" border="0"></img>[/url]
</div><img src="
http://feeds.feedburner.com/~r/MacRumors-Front/~4/Y0lmSfSHXms" height="1" width="1" alt=""/>
Source:
Apple Removes Over 250 iOS Apps With Ad SDK That Collects Personal User Data
