More than 250 iOS apps will be deleted from the App Store as secretly collecting personal information

ByOmar Jordan Fawahl

The fact that 256 applications using the advertisement SDK developed by China's mobile advertisement provider secretly collects the user's personal information has been actively working to maintain code transparencySource DNA"Discovered. It is said that an application developer using the advertisement SDK may not have known this fact, but Apple has deleted all target applications from the App Store in this situation.

IOS Apps Caught Using Private APIs
https://sourcedna.com/blog/20151018/ios-apps-using-private-apis.html


Apple bans over 250 apps that secretly accessed users' personal info | The Verge
http://www.theverge.com/2015/10/19/9567447/apple-banned-apps-youmi-privacy-personal-data


An advertising provider called "Youmi" in China that developed an advertisement SDK that gathers user's private information secretly. This advertisement SDK was gathering is "Apple ID" of the user who installed the application using the advertisement SDK "Serial number of the terminal" "Serial number of the peripheral terminal" "List of applications installed on the terminal "It seems that the collected data was being sent to Youmi's server. In addition, there are 256 applications that used this advertisement SDK in total, and it seems that the total number of downloads exceeds 1 million. However, most of the applications that adopted this application are applications created by Chinese developers.

ByIntegrated Change

It was SourceDNA that discovered the SDK that collects Youmi's personal information, he found a suspicious application while investigating how to use the private API, and found that the advertisement SDK is quietly collecting personal information is. It is unclear how SDK cleared the App Store review, but SourceDNA has tried and errored how Youmi gathered personal information within Apple's restricted API for years It is said to be.

Apple also basically recommends developers to use APIs that the company has prepared for application development for iOS and OS X. Although it seems that it was also to prevent the serial number from being pulled out to the application by the use of the private API, the private API included in Youmi's advertisement SDK gets information of peripheral equipment such as a battery system first It is said that he was drawing an eye for the judgment.

About this SDK Apple has issued the following statements and announces that 256 applications that collect user's personal information have been deleted from the App Store.

We've identified a group of apps that are using a third-party advertising SDK, developed by Youmi, a mobile advertising provider, that uses private APIs to gather private information, such as user email addresses and device identifiers, and route data to its Company server.

We are working closely with developers to help them get updated themselves updated after appart using SDK will be rejected. Versions of their apps that are safe for customers and in compliance with our guidelines back in the App store quickly.

We have identified that many apps are using third party advertising SDK developed by Youmi mobile advertising provider. This SDK uses a private API to gather personal information such as user's e-mail address and device ID, and transfers the data to its corporate server.

This violates our security and privacy guidelines. Therefore, I deleted the application using Youmi's SDK from the App Store. Also, if new applications submitted to the App Store are using this SDK in the future, those applications will also be rejected. We are also working with developers so that they can be updated quickly to those that are safe for our customers and comply with our guidelines.