Did you know that 256 affected apps were made in China that were gathering data from your phone? These apps were available worldwide on the app store and were downloaded over 1 million times, according to app analytics service SourceDNA, which first discovered the problem. And now Apple bans data gathering apps.
These apps’ creators apparently used a software development kit they purchased from a Chinese advertising company called Youmi. The software apparently allowed the developers to put ads in their apps. Now that’s par for course when it comes to apps, especially if they are free. But there was a catch.
Youmi’s software apparently gathered information about the people who downloaded the apps. This included their email addresses and iPhone serial numbers (scary) and it also began sending all that data to Youmi’s servers. That is a huge violation of Apple’s strict privacy guidelines for app developers.
The other thing that worries Apple is the way Youmi designed the software. It hid that fact from the developers and Apple’s iTunes App Store gatekeepers. That means no one knew they were gathering all that data.
SourceDNA did not say which apps were affected or name any developers. The company told Apple about the problem on Sunday, and Apple then removed the apps on Monday.
“This is a violation of our security and privacy guidelines,” Apple said in a statement. “The apps using Youmi’s SDK will be removed from the App Store and any new apps submitted to the App Store using this SDK will be rejected.”
So what happens now?
Anyone who already downloaded the apps will still be able to use them but the apps won’t be updated to the Youmi servers.
The data collection does not appear to be the developers’ fault and seems that it was just a backdoor that Youmi was disguising. There is nothing at this time that tells Apple that the software was sending that data to its servers with those developers knowledge.
Apple said it is working with the app developers to update their apps, ensuring they are safe for customers and in compliance with the app store’s guidelines. All of the apps are banned from the store until they are fixed so there can be no new downloads of any of them.
This is the third big lapse in Apple’s typically tight app store security in the past month. What do you think they should do?