Ad SDK Caught Collecting Private User Information, Apple Pulls Hundreds of Apps

Ad SDK Caught Collecting Private User Information, Apple Pulls Hundreds of Apps

Posted by · 6533 views · Translate
Apple has pulled hundreds of apps from its App Store that use the Youmi advertising SDK from China after SourceDNA found the SDK was using private APIs.

We’ve found hundreds of apps in the App Store that extract personally identifiable user information via private APIs that Apple has forbidden them from calling. This is the first time we’ve seen iOS apps successfully bypass the app review process. But, based on what we learned, it might not be the last.

The site believes that the Youmi advertising SDK began experimenting with obfuscating a call to get the app name about two years ago. As it grew more confident it wasn't being detected, they began requesting more information.

SourceDNA found four main groups of private APIs these apps are calling:
● Enumerate the list of installed apps or get the frontmost app name
● Get the platform serial number
● Enumerate devices and get serial numbers of peripherals
● Get the user’s AppleID (email)

Apple issued the following statement:

“We’ve identified a group of apps that are using a third-party advertising SDK, developed by Youmi, a mobile advertising provider, that uses private APIs to gather private information, such as user email addresses and device identifiers, and route data to its company server. This is a violation of our security and privacy guidelines. The apps using Youmi’s SDK have been removed from the App Store and any new apps submitted to the App Store using this SDK will be rejected. We are working closely with developers to help them get updated versions of their apps that are safe for customers and in compliance with our guidelines back in the App Store quickly.”

Hit the link below for the technical details...

Read More [via Jim]


Ad SDK Caught Collecting Private User Information, Apple Pulls Hundreds of Apps
Butterspider - October 19, 2015 at 9:50pm
Biggest question that they always leave out. What apps are they????!!!!!
Yatsu - October 19, 2015 at 3:39pm
What about all the customers whose private data was acquired? I, and most likely everybody else, wouldn't give a crap for those apps after they're the reason my email is full of crappy ads!
Recent