Tech Made Simple

Hot Topics: How to Fix Bluetooth Pairing Problems | Complete Guide to Facebook Privacy | How to Block Spam Calls | Snapchat Symbol Meaning

We may earn commissions when you buy from links on our site. Why you can trust us.

author photo

Apple App Store Bans 256 Apps Secretly Taking Personal Data

by Elmer Montejo on October 21, 2015

Apple App Store Kicks Out 256 Apps Secretly Getting Personal DataApple has begun purging 256 unidentified apps from its App Store after finding the apps had been secretly collecting personally identifiable data from users and sending it to an advertising outfit in China.

The affected apps, which have been downloaded about 1 million times already, were mostly apps from China-based programmers using the Software Development Kit (SDK) from Youmi, a known China-based advertising service. An SDK or devkit is a collection of software tools for creating a software application.

Security researchers from SourceDNA found questionable lines of code in Youmi's SDK that were performing functions prohibited by Apple. SourceDNA found code for the undetected retrieval of the names of all installed apps or the currently open app, the platform serial number, the list of connected devices (such as laptops), the serial numbers of peripherals and user AppleIDs or email addresses.

The security researchers also found code for retrieving the advertising ID, a legitimate function for tracking ad clicks, but SourceDNA believes that Youmi may have been using it for other purposes, because the code author had tried to make the action undetectable.

Researchers from Purdue University have found similar patterns of questionable behavior in iOS apps in the past that used the Youmi SDK.

SourceDNA indicated that developers of the privacy-violating apps may have unknowingly integrated the Youmi spyware into their respective apps, because the SDK comes in binary form and is not readable by humans. The researchers actually had to take the code apart and sift through it with a fine-toothed comb in order to find the fishy parts.

In its blog report, SourceDNA said the masking method was very simple. But considering the length of time that it went undetected, SourceDNA worried that other iOS apps might also be conducting malicious activities using different but related methods of hiding the code.

Following the report from SourceDNA, Apple quickly released a statement saying that apps using the Youmi SDK violate Apple guidelines on security and privacy. Apple will be removing the said apps, and newly submitted apps using the same SDK will not be approved. Apple is working with app makers to provided updated, safe and compliant versions of their respective apps.

This is not the first time that Apple has cleaned its App Store of apps infested with malware originating in China. Last month, Apple had to remove 39 iOS apps infected with the XcodeGhost malware.

Keep your smartphone and devices safe by reading how to preserve your privacy and secure your personal information.

[Image credit: Denys Prykhodov /]


iPhone/iPad Apps, News, Mobile Apps, Blog, Privacy

Discussion loading

Home | About | Meet the Team | Contact Us
Media Kit | Newsletter Sponsorships | Licensing & Permissions
Accessibility Statement
Terms of Use | Privacy & Cookie Policy

Techlicious participates in affiliate programs, including the Amazon Services LLC Associates Program, which provide a small commission from some, but not all, of the "click-thru to buy" links contained in our articles. These click-thru links are determined after the article has been written, based on price and product availability — the commissions do not impact our choice of recommended product, nor the price you pay. When you use these links, you help support our ongoing editorial mission to provide you with the best product recommendations.

© Techlicious LLC.