There are plenty of factors involved in getting an application approved for one of Apple’s App Stores, especially for the iOS App Store. But sometimes apps slip through.
Which is the case for several applications formerly available within the iOS App Store, which Apple has recently verified included a third-party advertising SDK that allowed for the gathering of sensitive user data, including device identifiers and email addresses. The SDK was able to gather the information without the user even being aware the information was being gathered, and then sent that info off to its own servers.
The initial discovery was made by code analytics platform SourceDNA, and they found hundreds of apps that fell under the net of this third-party SDK. According to9to5Mac, this SDK is from Chinese advertising company Youmi, and according to the search tools implemented by SourceDNA there were 256 applications that included the advertising SDK. These apps have received over one millions downloads.
The SDK apparently used a variety of techniques to gather a wide range of user information, which, including the aforementioned details, could also include serial numbers for the devices, as well as the serial numbers for peripheral devices as well. The SDK could even gather information pertaining to other applications installed on the user’s device.
The report indicates that almost all of the apps were targeting the Chinese market, but SourceDNA believes that it could extend to other markets.
Apple, for its part, has already begun removing the affected apps, and has provided this statement regarding the issue:
“We’ve identified a group of apps that are using a third-party advertising SDK, developed by Youmi, a mobile advertising provider, that uses private APIs to gather private information, such as user email addresses and device identifiers, and route data to its company server. This is a violation of our security and privacy guidelines. The apps using Youmi’s SDK have been removed from the App Store and any new apps submitted to the App Store using this SDK will be rejected. We are working closely with developers to help them get updated versions of their apps that are safe for customers and in compliance with our guidelines back in the App Store quickly.”
SourceDNA did send the list of affected apps to Apple, but the list is not known publicly at this point. However, it is known that the official Chinese McDonald’s app is one of them.
No comments:
Post a Comment