The apps using Youmi’s SDK have been removed from the App Store and any new apps submitted to the App Store using this SDK will be rejected.
Advertisement
Apple has now verified the SourceDNA report and is removing all of the apps that included the advertising SDK from the store, as using private API calls is a breach of App Review Guidelines.
SourceDNA found 256 apps using the SDK.
Apple issued a statement confirming that Youmi’s software collected private information in violation of Apple’s security and privacy policies. Apps using the Youmi advertising SDK were found to be accessing users’ Apple IDs, gathering a list of apps installed on devices and documenting the serial numbers of peripherals, among other privacy invasions. After Apple started blocking apps from reading platform serial numbers in iOS 8, Youmi started collecting information on individual device components, like the battery system, and used those to identify individual devices. These apps managed to get through the App Store approval process with private APIs, which are against the rules. The company is working with developers to ensure they can resubmit apps without these private APIs so to comply with Apple’s rules.
The app makers that relied on Youmi’s SDK, most of which are based in China, may not have knowingly violated Apple’s security and privacy guidelines. Thankfully though, the incident appears to have been isolated and has been nipped in the bud, courtesy SourceDNA’s vigilance. This has has been going on for more than a year. The software developer kit in question comes from a Chinese mobile advertising company, Youmi.
So where does the blame lie? Developers probably didn’t realize Youmi’s SDK was pulling private data, the analytics firm said, because the info the app collects is routed to Youmi’s server, not the app’s.
Advertisement
Looking at the situation, it seems to be vital that Apple along with various third-party analytic services step up its game, in order to be able to foil the plots of Youma like organizations that seek to illegally and forcefully avail information for their own personal gains. These developers used a tainted version of Xcode to create apps that contained malicious code.
