Apple has removed 256 apps that were stealing personal user data using a Chinese third-party advertising SDK. SourceDNA, an analytics service for iOS and Android apps, discovered this flaw and sent the list of infected apps to Apple.
The analytics firm found 256 affected apps that were using a version of an advertising SDK called Youmi. It is estimated that the apps were download to around 1 million devices. It is also reported that the developers using this SDK are mainly located in China, and that many were unaware of the thread since the tool kit is delivered in binary form and obfuscated.
Apple released a statement saying that apps with Youmi SDK will be deleted and the company will reject similar future submissions:
[quote]“We’ve identified a group of apps that are using a third-party advertising code, developed by Youmi, a mobile advertising provider, that uses private APIs to gather private information, such as user email addresses and device identifiers, and route data to its company server. This is a violation of our security and privacy guidelines. The apps using Youmi’s SDK have been removed from the App Store and any new apps submitted to the App Store using this code will be rejected. We are working closely with developers to help them get updated versions of their apps that are safe for customers and in compliance with our guidelines back in the App Store quickly.”[/quote]
Interestingly enough, one of the infected apps was the official McDonald’s app in China, which is now removed from the iOS App Store.
[ad name=”Google rechthoek”]
