Tuesday, 20 October 2015

Apple pulls hundreds of iOS apps from its store for privacy violations


More than 250 apps have been pulled from the Apple App Store for secretly gathering users' information including email addresses, device serial numbers and details of other installed apps.

Apple's action follows a report from analytics service SourceDNA, which uncovered the apps built using an SDK from a Chinese advertising company called Youmi. The SDK allowed the apps to access the information via private APIs and send it back to Youmi's servers.

The apps involved are mostly China-based, and they include the official McDonald's app for Chinese speakers. SourceDNA's researchers estimate that around a million people may have downloaded them.

Since the SDK is delivered in binary form and the information gathered by the apps is uploaded to Youmi's server rather than that of the apps themselves, it’s likely that developers using the kit were unaware of the suspicious activity.

Apple has issued an official statement saying, "We've identified a group of apps that are using a third-party advertising SDK, developed by Youmi, a mobile advertising provider, that uses private APIs to gather private information, such as user email addresses and device identifiers, and route data to its company server. This is a violation of our security and privacy guidelines. The apps using Youmi's SDK have been removed from the App Store and any new apps submitted to the App Store using this SDK will be rejected. We are working closely with developers to help them get updated versions of their apps that are safe for customers and in compliance with our guidelines back in the App Store quickly".

The scale of the withdrawal does cast doubt on Apple's review process since it failed to identify the data gathering activity until told of it by a third party.

SourceDNA recommends that developers stop using the Youmi SDK until the data gathering code is removed. You can read more about the discovery of the suspect apps on the SourceDNA blog.

Photo credit: TK Kurikawa / Shutterstock


