Hundreds Of Apps Banned From App Store For Accessing Users’ Personal Information

20 Oct 2015

Apple Bans Hundreds of Apps That Hid Chinese Spyware.

Apple has removed hundreds of apps from the App Store after they were caught secretly leaking users' personal information using a Chinese advertising company's hidden software. Apple has banned 256 apps, with an estimated total of 1 million downloads among them, following the identification within them of software that was secretly collecting data to send back to an advertising firm in China. More than 250 iOS apps were found in violation of Apple's App Store privacy policy, scooping up data from the one million users estimated to have downloaded the offending apps. Security analysts have found that at least 256 apps in the iOS App Store are secretly gathering iPhone owners' e-mail addresses, unique serial numbers, and other personally identifying information that can be used to track users.

The security company says the Chinese firm Youmi created the app-making software, which gave the apps the ability to detect the user's email address and the serial number of their iPhone. “We believe the developers of these apps aren’t aware of this since the SDK is delivered in binary form, obfuscated, and user info is uploaded to Youmi’s server, not the apps,” SourceDNA says in its blog post. Don't start deleting all of your favorite iPhone apps, though: the problem appears to be isolated to China, where developers are unknowingly pushing Youmi's sneaky SDK to customers. “We’ve identified a group of apps that are using a third-party advertising SDK, developed by Youmi, a mobile advertising provider, that uses private APIs to gather private information, such as user email addresses and device identifiers, and route data to its company server,” Apple said in a statement. “This is a violation of our security and privacy guidelines.” But Youmi's code happened to include a few extra functions, which secretly gathered info about the phone, user, installed apps and connected devices such as laptops and accessories. The apps were violating privacy by pulling data from private APIs, in a breach so secret that the app developers themselves are not likely to have known about it. But security analytics company SourceDNA told Ars Technica that the data gathering is so surreptitious that even the individual developers of the affected apps are unlikely to know about it, since the personal information is sent only to the creator of the software development kit used to deliver ads in these apps.

The software developer that was siphoning off the private information of hundreds of thousands of people was a Chinese mobile ad provider called Youmi. According to SourceDNA, Youmi bypassed Apple’s app review process by testing what apps could sneak by, then used the same obfuscation technique to request user data. For instance, the Flashlight app was found to be collecting and selling user locations, and fitness app Endomondo shares your date of birth and location with advertisers. The ad ID can be accessed for tracking ad clicks, but given that Youmi was surreptitiously collecting it, the firm may have been using it for other purposes, the report speculates. The list of infected apps includes some of the most popular apps in China, including the ride-hailing app Didi Kuaidi and WeChat, which has roughly 500m users.

Both these attacks are quite unprecedented, since the Apple App Store has always been known for its security: it is extremely selective about the apps it makes available, and tries to ensure that App Store titles are safe and securely designed – although Apple has never disclosed its security measures or vetting process. In fact, SourceDNA’s founder Nate Lawson tells us this has been going on for about a year-and-a-half. “We’re concerned other published apps may be using different but related approaches to hide their malicious behavior,” a SourceDNA blog post states. “We’re continuing to add new features to our engine to discover anomalous behavior in app code and find out if this is the case.” SourceDNA submitted its report to Apple, and Apple replied by offering the company a statement (see below) indicating the apps in question had been banned.
