The Apple App Store is suddenly a lot lighter, as hundreds of iOS applications have been taken down from the platform in the wake of disclosures that they were accessing users’ personally identifiable information.
TechCrunch reported Monday (Oct. 19) that SourceDNA, an analytics firm, found that the aforementioned apps were tapping into the data, which included email addresses tied to Apple IDs, their Apple devices and a list of apps installed on phones. Those applications, reported TechCrunch, were using an SDK from a firm known as Youmi (a Chinese advertising firm), which used APIs to grab user data.
TechCrunch said the developers were mostly in China, and thus the accessing of data appears isolated. However, the question remains as to just how long the activity had been taking place. There’s also an eyebrow raised as to Apple’s security since it did not catch the infiltration and instead had been alerted from other sources.
[bctt tweet=”There’s also an eyebrow raised as to Apple’s security since it did not catch the infiltration.”]
SourceDNA said that Youmi had “apparently been experimenting” with what information it could grab from users’ devices and had been doing so for some time, possibly more than two years, accessing, for example, ad IDs that can be used to track ad clicks or possibly other information. The company had also been able to work around Apple’s attempts at “locking down” private APIs, thus remaining able to read hardware serial numbers.
SourceDNA said it had identified 256 apps, with an attendant 1 million downloads, as those using the Youmi SDK to find private data. The company submitted its report to Apple, and Apple replied that the apps noted by SourceDNA had been banned and that developers who had used Youmi’s SDK must show compliance with Apple security and privacy guidelines in order to get their apps back on the Apple Store. In recent news, separately, Apple has also seen malware hit its app store.
To check out what else is HOT in the world of payments, click here.