iPhone App Store WARNING: 256 apps REMOVED over privacy infringement
The Apple App Store was hosting 256 apps which secretly harvested serial numbers form your device
APPLE has pulled 256 apps from the App Store for secretly harvesting your private information.
 
Security analysts have found 256 apps in the iOS App Store which have been secretly gathering private information to track Apple users.
The infected apps – which include an official McDonalds iOS app – have affected one million users in total, it has been claimed.
Adverts hosted within the apps have been secretly tracking iPhone and iPad owners' email addresses, unique serial numbers and other personal information.
 
Analytics firm Source DNA, which first discovered the slew of affected apps, believes some developers could be unaware their iOS app is being used to siphon customers' private information.
Chinese mobile advert provider Youmi is believed to be responsible for the harvesting of information, according to Source DNA.
Founder of Source DNA Nate Lawson told Ars Technica: "This is the first time we've found apps live in the App Store that are violating user privacy by pulling data from private APIs.
"It's definitely the kind of stuff that Apple should have caught."
 
iPhone App Store WARNING: 256 apps REMOVED over privacy infringement
Apple has forced to remove dozens of apps infected by XCode Ghost earlier this year
iPhone App Store WARNING: 256 apps REMOVED over privacy infringement
The latest iOS App Store scare comes form Chinese mobile advert provider Youmi
Apple has a strict privacy policy and vetting process for its hugely popular App Store.
The 256 apps identified by SourceDNA are accessing data explicitly forbidden by Apple's App Store rules, Mr Lawson added.
Certain apps running the Youmi mobile advert network were found to be collecting serial numbers for cameras and other hardware components, as well as the email address associated with your Apple ID.
 
A spokesperson for Apple said: "We’ve identified a group of apps that are using a third-party advertising SDK, developed by Youmi, a mobile advertising provider, that uses private APIs to gather private information, such as user email addresses and device identifiers, and route data to its company server. 
"This is a violation of our security and privacy guidelines. 
"The apps using Youmi’s SDK will be removed from the App Store and any new apps submitted to the App Store using this SDK will be rejected. 
"We are working closely with developers to help them get updated versions of their apps that are safe for customers and in compliance with our guidelines back in the App Store quickly."
The infected software was developed using a clone of Apple's own iOS app creator, dubbed Xcode Ghost, which laced the apps with a mobile virus.
Ride-hailing app Didi Kuaidi and WeChat were amongst the apps affected.

Post a Comment Blogger Disqus

 
Top