The 256 apps, whose names have not been undisclosed as yet, utilize private APIs to gather up private information of a user and of course, send it over to a remote location. The private information includes serial numbers, email addresses, and unique identifiers. In other words, it includes each and every single thing which you do not want to fall into the wrong hands.
According to ArsTechnica:
SourceDNA researchers found four major classes of information gathered by apps that use the Youmi ad SDK. They include:
- A list of all apps installed on the phone
- The platform serial number of iPhones or iPads themselves when they run older versions of iOS
- A list of hardware components on devices running newer versions of iOS and the serial numbers of these components, and
- The e-mail address associated with the user’s Apple ID
While the complete list of apps hasn't been disclosed by SourceDNA, but they do make a mention of the fact that majority of the apps originate from China, including the official McDonald's app which has been tailor made for native speakers in that region.
The entire list however, has been sent to Apple so they can take appropriate action against this newly discovered security breach, and we're quite certain that Apple will indeed take positive decisions to make sure that such a thing does not happen again in the near future.
Apple has released an official statement on the matter and has indeed confirmed that the breach has taken place. The complete statement from the company is as follows:
We’ve identified a group of apps that are using a third-party advertising SDK, developed by Youmi, a mobile advertising provider, that uses private APIs to gather private information, such as user email addresses and device identifiers, and route data to its company server. This is a violation of our security and privacy guidelines. The apps using Youmi's SDK will be removed from the App Store and any new apps submitted to the App Store using this SDK will be rejected. We are working closely with developers to help them get updated versions of their apps that are safe for customers and in compliance with our guidelines back in the App Store quickly.
It's also worth noting here that these 256 apps have been downloaded by well over a million users over time.