Apple’s App Store known for how hard it is to get an app approved, because of Apple’s strict rules and regulations which have been criticized and praised. The rules have prevented scammy apps, apps that don’t work, and other crappy apps out of the Apple App Store. Apple recently suffered a breakdown of these strict review policies, this lapse allowed 256 apps in total to collect user data with consent. Analytics service SourceDNA first noticed these problematic apps and discovered that a third-party SDK for Chinese advertising platform Youmi was grabbing device serial numbers, lists of installed apps and the phone’s Apple ID email address.
Apple released the following statement regarding this security concern:
We’ve identified a group of apps that are using a third-party advertising SDK, developed by Youmi, a mobile advertising provider, that uses private APIs to gather private information, such as user email addresses and device identifiers, and route data to its company server. This is a violation of our security and privacy guidelines. The apps using Youmi’s SDK have been removed from the App Store and any new apps submitted to the App Store using this SDK will be rejected. We are working closely with developers to help them get updated versions of their apps that are safe for customers and in compliance with our guidelines back in the App Store quickly.
The breach is relatively small when you imagine there are millions of apps, and billions of downloads. SourceDNA say it’s likely that other apps in the app store could have similar code based on how deeply buried the code was. On top of that developers didn’t even know the SDK was collecting all the information even after being alerted to the breach. There are more and more apps being submitted to the App Store it’s becoming increasingly hard for Apple to review each app and ensure they meet the guidelines perfectly.
Tell us in the comments below what you think about these apps collecting all this data without anyone knowing!