Apple Eliminates 256 Apps That Absorb Personal Data

Apple has often been the subject of scorn — as with every other major cellular and software platform producer — when it comes to their terms of service and accusations of collecting information without their users’ knowledge.

Now, however, Apple seems to be safeguarding you and your information when it comes to your iPhone and iPad.

Last week, Apple brought the proverbial hammer down on over 256 applications available in the Apple App Store, because those applications were found to pull personal data from their users’ phones for their own use. According to Apple, these 256 apps weren’t disclosing that they were taking and storing personal data from their users. However, the apps had managed to be approved for the App Store, all while using private APIs.

The mobile security company, SourceDNA, was the first company to figure out that there was a problem with the selected applications in the Apple App Store. SourceDNA noticed that selected apps were pulling data to their applications using the aforementioned private APIs when they were uploading their own product, Searchlight, to the App Store. Once SourceDNA found a few apps that were secretly downloading personal information, they did an extensive search and found more than 256 violators in the Apple App Store. From there, they contacted Apple.

You might think that the apps that were found to be stealing personal information would be obscure and small, but some of the apps listed as being banned from the Apple App Store are actually very popular.

The scary thing is that even though SourceDNA found 256 apps that were stealing information in the Apple App Store, they have stated that there may be many, many more that have slipped through the cracks.

“We’re concerned other published apps may be using different but related approaches to hide their malicious behavior. We’re continuing to add new features to our engine to discover anomalous behavior in app code and find out if this is the case.”

When SourceDNA contacted Apple about the malicious apps, Apple responded immediately, banning them from the Apple App Store and releasing the following statement.

“We’ve identified a group of apps that are using a third-party advertising SDK, developed by Youmi, a mobile advertising provider, that uses private APIs to gather private information, such as user email addresses and device identifiers, and route data to its company server. This is a violation of our security and privacy guidelines. The apps using Youmi’s SDK have been removed from the App Store and any new apps submitted to the App Store using this SDK will be rejected. We are working closely with developers to help them get updated versions of their apps that are safe for customers and in compliance with our guidelines back in the App Store quickly.”

What’s ironic about SourceDNA catching the bad apps in the Apple App Store is that SourceDNA specializes in helping app developers better their coding and points out security flaws.

It should be noted that the actual developers of each of the banned apps were ignorant to the existence of the code that was collecting personal data from their users. It has been estimated that the 256 banned apps were downloaded over a million times before Apple removed them from the app store.

Each individual app contained the Youmi SDK, which possessed the data collecting feature, and reports indicated that the vast majority of them were produced by programmers based in China. Now that the apps have been removed from the Apple App store, most, if not all, of them will return very soon after their developers modify them so that they are not in violation of Apple’s guidelines.

[Photo by Stephen Lam / Getty Images]