Apple Bans More Than 250 Apps From App Store For Accessing Users’ Information

When you play a game on your phone, use an application to play music or order food for delivery, you probably assume the app is working in a pretty straightforward manner — it’s letting you crush candy or add extra tahini sauce to your order. That wasn’t the case for more than 250 apps previously available in the App Store, which have been banned by Apple for secretly collecting and storing users’ personal information.

A Chinese advertising company called Youmi provided app makers with a software development kit [SDK] that could gather information on what apps a user had downloaded, their email address and serial numbers for their smartphone, according to mobile security company SourceDNA (h/t TechCrunch). Those apps in total had been downloaded more than one million times.

Most of the developers using Youmi’s SDK are based in China, and might not even have been aware they were running afoul of Apple’s security and privacy guidelines.

“We believe the developers of these apps aren’t aware of this since the SDK is delivered in binary form, obfuscated, and user info is uploaded to Youmi’s server, not the app’s. We recommend developers stop using this SDK until this code is removed,” SourceDNA says in the blog post.

How did Apple’s review process allow these apps to slip through? It’s unclear, though SourceDNA believes its likely that Youmi had been tinkering around for years trying to come up with a way to tap into iOS’ restricted application programming interfaces (APIs) to cull info only Apple should be able to see. Youmi pushed the limits of its SDK, and once it got through the Apple review process, it likely got the confidence it needed to change it up and enable it to collect information.

SourceDNA alerted Apple submitted their report to Apple, and Apple responded by banning the apps in question. Any developers who used YOumi’s SDK are working with Apple now to get their apps updated so they comply with Apple’s guidelines, which will allow them to put their apps back in the App Store.

“This is a violation of our security and privacy guidelines,” Apple said in its statement. “The apps using Youmi’s SDK have been removed from the App Store and any new apps submitted to the App Store using this SDK will be rejected. We are working closely with developers to help them get updated versions of their apps that are safe for customers and in compliance with our guidelines back in the App Store quickly.”

Want more consumer news? Visit our parent organization, Consumer Reports, for the latest on scams, recalls, and other consumer issues.