Apple has banned nearly 250 applications from its App Store for utilizing malicious technology which violated user privacy. The tools in question employed a third-party software development kit (SDK) originating from a Chinese mobile advertising provider called Youmi.
The guilty apps were accessing and storing personal data such as a person’s email ID, the applications they downloaded and the serial number of the handset. Most of the barred tools are based in China. It’s possible the developers were not aware of the extraction taking place as the SDK was handed to them in binary form and obscured.
The user information obtained was then uploaded to Youmi’s server and not to that of the app. It’s not clear how exactly the ad company managed to hoodwink Apple’s application review process. Mobile security brand SourceDNA thinks the business has been tinkering with ways to bypass the tech giant’s strict privacy rules for years.
Youmi began the process on a small scale two years ago, only collecting the name of the currently running app in an individual’s smartphone. Once this manipulation managed to get through Apple’s review procedure, the firm moved on to bigger data such as the advertising ID. The latest version of the SDK was released about a month ago and continues to gather such information.
SourceDNA managed to sniff out the deceptive practices while adding updates to Searchlight, a product developed by them to detect similar privacy violations. It scanned for apps which used private APIs (application programming interfaces) to access private data. The company found over 256 applications using such software, and claims the tools have been downloaded over 1 million times.
In a statement, Apple declared it had removed the offending apps and would reject new ones using Youmi’s SDK. It’s currently working with the developers behind the removed applications to restore clean versions of their product to the App Store.