Apple bans 250 apps that steals user’s data
Apple has just banned over 250 apps from its store that were using software from a Chinese advertising company that secretly accessed and stored user’s personal information. The Chinese firm, called Youmi, provided developers with an SDK that would collect the apps the user had downloaded, the email address, and the serial number of their smartphone. The apps in total had about 1 million downloads.
According to the mobile security company, SourceDNA, the developers may not have known about these features in Youmi’s SDK. “We believe the developers of these apps aren’t aware of this since the SDK is delivered in binary form, obfuscated, and user info is uploaded to Youmi’s server, not the app’s. We recommend developers stop using this SDK until this code is removed,” reads SourceDNA’s blog post.
It is unclear how this SDK hadn’t raised alarms at Apple. SourceDNA thinks Youmi may have been experimenting for years with ways to get into iOS’s APIs to get info that only Apple should have had access to. SourceDNA only discovered Youmi’s SDK when updating its own product, called SearchLight, that inspects apps for security and privacy violations. There may be other published apps using different approaches to access this kind of private information.
The developers of the affected apps relying on the Youmi SDK will be working with Apple to make sure that their software is in compliance.