12:33 20th Oct, 2015
Researchers found that the apps route the downloaded user data to private servers without the user even knowing about the same.
Source DNA a security analytics company, recently brought to light its discovery of about 256 apps that have been secretly gathering details about their users, which can actually be used to track them back. The details that were revealed by Ars Technica, tell that there were about 256 apps where the developers themselves were not aware, that their code was relaying personal data from users to secure servers over the internet.
Apple has finally responded to the find and is pretty pissed off that these apps got through right under their noses.
"We’ve identified a group of apps that are using a third-party advertising SDK, developed by Youmi, a mobile advertising provider, that uses private APIs to gather private information, such as user email addresses and device identifiers, and route data to its company server. This is a violation of our security and privacy guidelines.”
As for what Apple plans to do with such a blatant violations of its App Store policies, “The apps using Youmi's SDK will be removed from the App Store and any new apps submitted to the App Store using this SDK will be rejected. We are working closely with developers to help them get updated versions of their apps that are safe for customers and in compliance with our guidelines back in the App Store quickly."
The whole incident is similar to what happened just a month ago in the XcodeGhost hack scenario. It is a case where developers downloaded laced tools to develop apps, which seemed pretty much normal when they went through the vetting process of the Apple App Store.
What they did not know, was that the software used to build those apps also added an unknown API that allowed a mobile ad provider Youmi to siphon private details from users for its own purposes.
That data would include, private information such as email IDs, unique serial numbers, and even details that would let the receiver track user locations.
For now Source DNA reported that only users in China have been affected since most of the apps have been developed by Chinese developers for that specific market. But there are plenty of big names like WeChat with millions of users that also made it to this list.
- Bobble AI bullish on growing business via regional content; announces dedicated keyboard in Malayalam
- Acer India launches business PC at Just Rs 9999
- TCL 4K QLED with Hands Free AI TV Pre-booking Coming Soon at Reliance Digital
- Linksys India Launches VELOP MX5300 WIFI 6 Mesh System
- Acer introduces Nitro 5, its first 10th Gen Intel® Core™ Gaming Laptop
- Barco Introduces New Series of Advanced Video Processing and Presentation Control Systems
- NETGEAR Orbi RBK50 Mesh System to Augment Your Home Wi-Fi Network for Improved Work Efficiency
- Motorola announces its new flagship in India with the Fastest, Loudest, Boldest; motorola edge+
- Surface Pro X, Surface Pro 7 and Surface Laptop 3 are now available in India
- Genelec Announces 1235A: Classic Heritage, Cutting Edge Performance