large image

Trusted Reviews is supported by its audience. If you purchase through links on our site, we may earn a commission. Learn more.

Apple pulls over 250 apps that secretly harvested user data

Apple has yanked around more than 250 applications from the App Store, after discovering an SDK tool was secretly collecting user data.

The affected apps had made use of an SDK from third-party advertising provider Youmi, which unbeknownst to the app developers had been using a hidden private API gathering users’ email addresses and device serial numbers.

The discovery was made by code analytics platform SourceDNA (via 9to5Mac), revealing how the apps had slipped past Apple’s review process. The company said the affected apps (256 in total) had been downloaded around a million times.

The apps haven’t been listed, but they’re believed to be primarily aimed at the Chinese market.

Confirming the issue, Apple said it is now working with the developers in order to get those apps back on the App Store sooner rather than later, minus the malicious API.

In a statement on Monday, Apple wrote: “We’ve identified a group of apps that are using a third-party advertising SDK, developed by Youmi, a mobile advertising provider, that uses private APIs to gather private information, such as user email addresses and device identifiers, and route data to its company server. This is a violation of our security and privacy guidelines.

The apps using Youmi’s SDK have been removed from the App Store and any new apps submitted to the App Store using this SDK will be rejected. We are working closely with developers to help them get updated versions of their apps that are safe for customers and in compliance with our guidelines back in the App Store quickly.”

See also: iPhone 6S review

Whether there are other third-party mobile advertising services pulling similar scams remains to be seen, but SourceDNA suggests it’ll may more prevalent than currently known.

“Given how simple this obfuscation is and how long the apps have been
available that have it,” the site wrote, “we’re concerned other published apps may be
using different but related approaches to hide their malicious behavior.”

Why trust our journalism?

Founded in 2004, Trusted Reviews exists to give our readers thorough, unbiased and independent advice on what to buy.

Today, we have millions of users a month from around the world, and assess more than 1,000 products a year.

author icon

Editorial independence

Editorial independence means being able to give an unbiased verdict about a product or company, with the avoidance of conflicts of interest. To ensure this is possible, every member of the editorial staff follows a clear code of conduct.

author icon

Professional conduct

We also expect our journalists to follow clear ethical standards in their work. Our staff members must strive for honesty and accuracy in everything they do. We follow the IPSO Editors’ code of practice to underpin these standards.