SourceDNA reports something that will both worry and comfort users of Apple’s highly popular smartphone. The tech giant removed over 250 apps, with a total download count of over 1 million from its iOS App store that had been discovered to be collecting private user details. The apps, in addition to their normal operation, were able to access normally protected APIs within iOS systems to extract a number of details about the host device and its usage. Among the data that is confirmed to be collected by these apps are the user’s email address, app download history and more worryingly, the device’s serial number.
The company responsible for these infringements was found to be Youmi, a Chinese advertising company. To create more vectors of attack, instead of creating one, or a small suite of compromised apps themselves, instead they released an SDK to developers, which added their data gathering code to created apps without the developer’s knowledge. And while most of the usage of Youmi’s software is centered in China, it is certainly advised to cease use of Youmi’s apps or SDK until they are assured to be safe.
The scariest thing about this release is that Youmi have been developing these exploits successfully for almost two years and for all this time, with apps running the malicious code able to slip past Apple’s app review process. And if this has been working for so long, it raises the question of if any other companies are using a similar type of exploit on the widespread mobile OS.
In a statement, Apple announced they would be offering support to developers of compromised apps, helping them to create updated versions of their apps that are safe for consumers and conform to Apple’s security guidelines.
If you are a user of an iOS device, will you start to think twice about which apps you download, consider switching to Android or remain in confidence of the iPhone?