Apple is removing applications that install root certificates

Apple has started removing applications that install root certificates on users’ phones. This is a security measure, since developers can gain access to encrypted traffic from a user by exploiting root certificates.

Removed apps were mostly ad blockers, where one of them is Been Choice. This is a very popular ad blocker that installs its own root certificate, so the traffic can run through a VPN. This way a developer can route the traffic to its own server and remove the ads. When it comes to Been Choice, this app was able to block ads not only from Safari but other apps as well.

Apple made the following statement to TechCrunch:

Apple is deeply committed to protecting customer privacy and security. We’ve removed a few apps from the App Store that install root certificates which enable the monitoring of customer network data that can, in turn, be used to compromise SSL/TLS security solutions. We are working closely with these developers to quickly get their apps back on the App Store while ensuring customer privacy and security is not at risk.

What’s interesting is that Apple doesn’t offer an official method for these apps to fix the problem of using root certificates, so it seems unlikely the apps will return to the App Store.