Apple has removed over 250 apps from the App Store, after it was discovered they were using a third-party advertising software development kit (SDK) that collected iPhone and iPad users’ data.
The SDK, a Chinese platform called Youmi, was discovered by analytics firm SourceDNA, which used its own search tool to identify the apps that breached Apple’s guidelines. The 256 apps have been downloaded over a million times.
It is not believed that developers used the SDK with the intention of collecting data. Instead, many unwittingly used the tools, unaware that code within it broke strict Apple rules about privacy.
Worryingly, data collected includes email addresses, as well as serial numbers of iPhones and iPads and details of apps running on each device. It is believed Youmi has been mining the data for the past year.
In a statement, Apple said: “We’ve identified a group of apps that are using a third-party advertising SDK, developed by Youmi, a mobile advertising provider, that uses private APIs to gather private information, such as user email addresses and device identifiers, and route data to its company server.
“This is a violation of our security and privacy guidelines. The apps using Youmi’s SDK have been removed from the App Store and any new apps submitted to the App Store using this SDK will be rejected.
"We are working closely with developers to help them get updated versions of their apps that are safe for customers and in compliance with our guidelines back in the App Store quickly.”
This is the latest in a series of attempts to breach Apple’s previously impenetrable App Store. XCodeGhost last month became the first malware to hit Apple’s emporium, while another attack was recently revealed to have been foiled by Cupertino.