Another big App Store breach has been discovered
Nearly a month after malware was discovered in hundreds of infected iPhone apps, another security compromise has infiltrated Apple's App Store.
On Sunday, the app analytic company SourceDNA published a blog post that said it found that hundreds of apps have been quietly collecting iPhone owners' personal information, including their device serial numbers and Apple ID email addresses.
According to the report, the personal data was being gathered by an advertising platform named Youmi that integrates with apps made by Chinese developers.
"We've found hundreds of apps in the App Store that extract personally identifiable user information via private APIs that Apple has forbidden them from calling," SourceDNA wrote in the blog post. "This is the first time we've seen iOS apps successfully bypass the app review process. But, based on what we learned, it might not be the last."
SourceDNA estimates that the number of compromised apps has accounted for at least 1 million downloads cumulatively. The app company recommends that developers stop using Youmi's advertising software.
No sensitive customer data beyond "the list of installed apps" on an iPhone, its serial number, and Apple ID email associated with the device has been reported as compromised, according to SourceDNA.
In a statement to Tech Insider, Apple said it has already begun removing affected apps from the App Store.
"We've identified a group of apps that are using a third-party advertising SDK, developed by Youmi, a mobile advertising provider, that uses private APIs to gather private information, such as user email addresses and device identifiers, and route data to its company server," an Apple spokesperson said in the statement. "This is a violation of our security and privacy guidelines. The apps using Youmi's SDK will be removed from the App Store and any new apps submitted to the App Store using this SDK will be rejected. We are working closely with developers to help them get updated versions of their apps that are safe for customers and in compliance with our guidelines back in the App Store quickly."
- Facebook and Microsoft aren’t the only ones creating a metaverse — here are five popular coins looking to create digital worlds
- Loaded Lion NFT sells for $1 million — three days after launching at $200
- Qatar Airways says it is not accepting passengers on its flights from 2 African nations immediately due to the new Omicron variant
- Facebook, Microsoft and others look towards the $1 trillion dollar ‘metaverse’ opportunity — but that contradicts the base philosophy behind Web 3.0
- Paytm Q2 result — Operational revenue crosses ₹1000 crore, loss widens by ₹37 crore
- These Indian states have the highest number of international airports; UP tops the list
- Centre raises Bengal labour budget for creation of 27 cr man-days
- Over a million Ethereum tokens have been burned since the big upgrade, but transaction costs are still a pain point for the network