256 iOS Apps On App Store Violate Apple’s Privacy Policy, Collect Users’ Data

Uzair Ghani
Posted Oct 19, 2015

Apple brushed off all the damage it took from the XcodeGhost fiasco, which allowed malware to sneak into the App Store through apps and games that were created using a version of Xcode downloaded from non-Apple sources. Now, with that out of the way, a new security concern has appeared: 256 apps and games on the App Store violate Apple’s strict privacy policy.


256 Apps On The App Store Directly Violate Apple’s Privacy Policy

The 256 apps, whose names have not been disclosed as yet, use private APIs to gather a user’s private information and send it to a remote location. The private information includes serial numbers, email addresses, and unique identifiers. In other words, it includes every single thing you do not want to fall into the wrong hands.

According to ArsTechnica:

SourceDNA researchers found four major classes of information gathered by apps that use the Youmi ad SDK. They include:

– A list of all apps installed on the phone

– The platform serial number of iPhones or iPads themselves when they run older versions of iOS

– A list of hardware components on devices running newer versions of iOS and the serial numbers of these components, and

– The e-mail address associated with the user’s Apple ID

While the complete list of apps hasn’t been disclosed by SourceDNA, they do mention that the majority of the apps originate from China, including the official McDonald’s app, which has been tailor-made for native speakers in that region.


The entire list, however, has been sent to Apple so it can take appropriate action against this newly discovered security breach, and we’re quite certain that Apple will take steps to make sure that such a thing does not happen again in the near future.

Apple has released an official statement on the matter and has indeed confirmed that the breach has taken place. The complete statement from the company is as follows:

We’ve identified a group of apps that are using a third-party advertising SDK, developed by Youmi, a mobile advertising provider, that uses private APIs to gather private information, such as user email addresses and device identifiers, and route data to its company server. This is a violation of our security and privacy guidelines. The apps using Youmi’s SDK will be removed from the App Store and any new apps submitted to the App Store using this SDK will be rejected. We are working closely with developers to help them get updated versions of their apps that are safe for customers and in compliance with our guidelines back in the App Store quickly.

It’s also worth noting here that these 256 apps have been downloaded by well over a million users over time.

Since we don’t have a list of apps that breach Apple’s privacy policy, we really can’t suggest an appropriate course of action just yet. But if you do happen to come across an app that looks somewhat ‘shady,’ we highly recommend that you steer clear of it.
