Hundreds of iOS apps caught taking user data from private APIs | iLounge News

News

Hundreds of iOS apps caught taking user data from private APIs

Security firm SourceDNA claims to have discovered hundreds of App Store apps that violate Apple’s privacy policies by accessing private user information. Apps using the Youmi advertising SDK were found to be accessing users’ Apple IDs, gathering a list of apps installed on devices and documenting the serial numbers of peripherals, among other privacy invasions. Youmi’s SDK skirted Apple’s review process by hiding its data collection processes within binary code sent out to developers over the last two years, leaving even app developers themselves unaware of the data that was being collected and sent back directly to Youmi. After Apple started blocking apps from reading platform serial numbers in iOS 8, Youmi started collecting information on individual device components, like the battery system, and used those to identify individual devices.

Apple has responded by pulling all apps using Youmi’s SDK and plans to reject any future app submissions found to be using it. As for the 256 documented apps that used Youmi’s SDK, Apple said it is “working closely with developers to help them get updated versions of their apps that are safe for customers and in compliance with our guidelines back in the App Store quickly.” While a full list of affected apps isn’t available, most of the developers using the Youmi SDK are based in China. Affected apps have been downloaded an estimated 1 million times. [via Ars Technica]

Comments

Related Stories

Subscribe to iLounge Weekly

Sign up for the iLounge Weekly Newsletter

iLounge is an independent resource for all things iPod, iPhone, iPad, and beyond.
iPod, iPhone, iPad, iTunes, Apple TV, Mac, and the Apple logo are trademarks of Apple Inc.
iLounge is © 2001 - 2017 iLounge, Inc. All Rights Reserved. Terms of Use | Privacy Policy