Apple pulls over 250 apps from the App Store for spying
According to a report published over the weekend, over 250 apps had to be pulled from the App Store by Apple. Their crime? Apparently these apps were gathering information on users using private APIs that Apple had previously banned. The 256 apps removed were using a version of the Youmi advertising SDK, which is meant for China.
The SDK is integrated in iOS and Android apps, allowing it to store information about users of these apps. The 256 apps removed had been downloaded over 1 million times. One report claims that the information picked up by the Youmi SDK includes a list of all apps downloaded on a particular phone, the platform serial number of iPhones and iPads running older versions of iOS, a list of hardware components and their serial numbers employed on iPhones and iPads running a newer version of iOS, and the email address registered with the user's Apple ID. The information is supposedly sent to Youmi servers using private APIs.
In a statement, Apple says that any app submitted to the App Store with code from the Youmi SDK will now be automatically rejected. It also is working with developers whose apps were pulled, to get these apps resubmitted and published again in the App Store.
source: SourceDNA via MacRumors, RedmondPie
Apple has removed all of the apps that were using Youmi's SDK, including the official McDonald's app in China. Developers who want to check their own app(s) can use the Searchlight tool from SourceDNA. The research firm says that the majority of the apps using Youmi SDK were submitted by Chinese developers, who were unaware of what was going on.
In a statement, Apple says that any app submitted to the App Store with code from the Youmi SDK will now be automatically rejected. It also is working with developers whose apps were pulled, to get these apps resubmitted and published again in the App Store.
"We’ve identified a group of apps that are using a third-party advertising SDK, developed by Youmi, a mobile advertising provider, that uses private APIs to gather private information, such as user email addresses and device identifiers, and route data to its company server. This is a violation of our security and privacy guidelines. The apps using Youmi’s SDK have been removed from the App Store and any new apps submitted to the App Store using this SDK will be rejected. We are working closely with developers to help them get updated versions of their apps that are safe for customers and in compliance with our guidelines back in the App Store quickly."-Apple
source: SourceDNA via MacRumors, RedmondPie
Things that are NOT allowed: