Apple pulls over 250 apps from the App Store for spying

According to a report published over the weekend, over 250 apps had to be pulled from the App Store by Apple. Their crime? Apparently these apps were gathering information on users using private APIs that Apple had previously banned. The 256 apps removed were using a version of the Youmi advertising SDK, which is meant for China.

The SDK is integrated in iOS and Android apps, allowing it to store information about users of these apps. The 256 apps removed had been downloaded over 1 million times. One report claims that the information picked up by the Youmi SDK includes a list of all apps downloaded on a particular phone, the platform serial number of iPhones and iPads running older versions of iOS, a list of hardware components and their serial numbers employed on iPhones and iPads running a newer version of iOS, and the email address registered with the user's Apple ID. The information is supposedly sent to Youmi servers using private APIs.

Apple has removed all of the apps that were using Youmi's SDK, including the official McDonald's app in China. Developers who want to check their own app(s) can use the Searchlight tool from SourceDNA. The research firm says that the majority of the apps using Youmi SDK were submitted by Chinese developers, who were unaware of what was going on.

In a statement, Apple says that any app submitted to the App Store with code from the Youmi SDK will now be automatically rejected. It also is working with developers whose apps were pulled, to get these apps resubmitted and published again in the App Store.


source: SourceDNA via MacRumors, RedmondPie