Apple has begun purging 256 unidentified apps from its App Store after finding the apps had been secretly collecting personally identifiable data from users and sending it to an advertising outfit in China.
The affected apps, which have been downloaded about 1 million times already, were mostly apps from China-based programmers using the Software Development Kit (SDK) from Youmi, a known China-based advertising service. An SDK or devkit is a collection of software tools for creating a software application.
Security researchers from SourceDNA found questionable lines of code in Youmi's SDK that were performing functions prohibited by Apple. SourceDNA found code for the undetected retrieval of the names of all installed apps or the currently open app, the platform serial number, the list of connected devices (such as laptops), the serial numbers of peripherals and user AppleIDs or email addresses.
The security researchers also found code for retrieving the advertising ID, a legitimate function for tracking ad clicks, but SourceDNA believes that Youmi may have been using it for other purposes, because the code author had tried to make the action undetectable.
Researchers from Purdue University have found similar patterns of questionable behavior in iOS apps in the past that used the Youmi SDK.
SourceDNA indicated that developers of the privacy-violating apps may have unknowingly integrated the Youmi spyware into their respective apps, because the SDK is distributed in compiled binary form rather than as human-readable source code. The researchers had to take the compiled code apart and sift through it with a fine-toothed comb in order to find the fishy parts.
In its blog report, SourceDNA said the masking method was very simple. But considering the length of time that it went undetected, SourceDNA worried that other iOS apps might also be conducting malicious activities using different but related methods of hiding the code.
Following the report from SourceDNA, Apple quickly released a statement saying that apps using the Youmi SDK violate Apple guidelines on security and privacy. Apple will be removing these apps, and newly submitted apps using the same SDK will not be approved. Apple is working with app makers to provide updated, safe and compliant versions of their respective apps.
This is not the first time that Apple has cleaned its App Store of apps infested with malware originating in China. Last month, Apple had to remove 39 iOS apps infected with the XcodeGhost malware.