Apple has removed over 250 apps from the App Store after it was revealed that they were siphoning off user data in breach of privacy rules.
The apps are almost all made by Chinese developers using an SDK created by a Chinese mobile advertising firm called Youmi. The firm evolved the SDK to be able to siphon off data such as email addresses and device identifiers and send it to its own servers.
This is in breach of App Store rules, and Apple confirmed in a statement that it removed the offending apps after investigating the situation.
“The apps using Youmi's SDK have been removed from the App Store, and any new apps submitted to the App Store using this SDK will be rejected,” the company said.
App analytics and code-checking firm SourceDNA was one of the first to flag up the offending apps, explaining that the developers were probably unaware that their apps were breaking the rules.
“We believe the developers of these apps aren’t aware of [the data transfers] since the SDK is delivered in binary form, obfuscated, and user info is uploaded to Youmi’s server, not the apps',” the firm said.
“We recommend developers stop using this SDK until this code is removed.”
Apple acknowledged this and said that it will work with those affected to get the apps back in the Store without the offending SDK as quickly as possible.
“We are working closely with developers to help them get updated versions of their apps that are safe for customers and in compliance with our guidelines back in the App Store quickly."
SourceDNA noted that the techniques used by Youmi to hide its behaviour had clearly gone undetected for a long time, raising concerns that other apps may be carrying out similar actions, unknown to their creators, users and even Apple.
“Given how simple this obfuscation is, and how long the apps have been available that have it, we’re concerned that other published apps may be using different but related approaches to hide their malicious behaviour,” the company warned.
The incident is the latest blow to the integrity of the Apple ecosystem after the firm was forced to remove hundreds of apps that were developed with a fake version of the Xcode software.
The huge growth in the use of iOS, particularly in the business world, has led some security experts to warn that the previous infallibility of the software is now under threat as cyber crooks have more to gain from targeting the platform.
Open source solutions provider makes acquisition in bid to shore up cloud development tools business
Aims to "end data bottlenecks"
Looking to boost your career in IT? Here are the best-earning roles out there!
The BlackBerry KeyOne is a strange device that brings the best of BlackBerry and Android together in a Qwerty-equipped package, but it won't be for everyone