Last month we told you about a major Apple App Store malware infection and this month we're hearing of yet another security threat. For the third time in two months, Apple has had to delete apps from its App Store over security and privacy concerns, this time because of Chinese advertiser Youmi, who used third-party apps developed with its software to obtain user data.
Why is this a big deal? We know that most websites place cookies on us when we visit them to mine information on potential customers and viewers, how is this different than cookies?
The applications in questions, which were downloaded by about 1 million users, were accessing and storing personal information like Apple IDs and device serial numbers, according to a report by SourceDNA. The security blog found that an estimated 256 apps were using the software development kit (SDK) provided by Chinese advertiser Youmi and that Youmi then collecting the information from users, apparently largely unbeknownst to the developers of the apps.
A statement from Apple read, "We’ve identified a group of apps that are using a third-party advertising SDK, developed by Youmi, a mobile advertising provider, that uses private APIs to gather private information, such as user email addresses and device identifiers, and route data to its company server."
Apple continued to say that, "this is a violation of our security and privacy guidelines. The apps using Youmi’s SDK will be removed from the App Store and any new apps submitted to the App Store using this SDK will be rejected. We are working closely with developers to help them get updated versions of their apps that are safe for customers and in compliance with our guidelines back in the App Store quickly."
Currently, neither Apple nor SourceDNA have revealed which apps were found to be using Youmie's SDK and were gathering information.
Many have commented on the recent string of security threats that have cropped up in the historically secure App Store, but Apple's quick response and transparency shows they're taking the threats seriously.
We'll continue to keep you updated on this story but in the meantime, if you see that one of your apps is due for an update you might want to ahead and update to receive the benefit of any new security measures.