LONDON: Apple has removed hundreds of apps from the App Store after they were caught secretly leaking the users personal information using a Chinese advertising company’s hidden software.
Mobile security company SourceDNA detected the 256 rogue apps which it says have been downloaded 1 million times.
SouceDNA says app makers themselves were ignorant of the security risk in their apps.
The security company says the Chinese firm Youmi created the app-making software which added the feature in the apps of being able to detect the user’s email address and the serial number of their iPhone.
“We believe the developers of these apps aren’t aware of this since the SDK is delivered in binary form, obfuscated, and user info is uploaded to Youmi’s server, not the apps,” SourceDNA says on its blog post.
Apple vets apps before allowing them to be released in the App Store but SourceDNA says there is evidence that Youmi has been working on ways to hide the identity-seeking features for years deep within its software code.
Apple has issued a statement and has removed the apps from the app store.
Neither Apple nor SouceDNA have identified the apps, although most come from Chinese app developers.
“We’ve identified a group of apps that are using a third-party advertising SDK, developed by Youmi, a mobile advertising provider, that uses private APIs to gather private information, such as user email addresses and device identifiers, and route data to its company server,” the Apple statement says.
“This is a violation of our security and privacy guidelines. The apps using Youmi’s SDK have been removed from the App Store and any new apps submitted to the App Store using this SDK will be rejected.
“We are working closely with developers to help them get updated versions of their apps that are safe for customers and in compliance with our guidelines back in the App Store quickly.”
