Apple has proactively removed a number of applications from its iOS App Store after a framework within those apps was discovered to violate the developer guidelines. An analytics firm recently discovered that the Youmi advertising SDK, meant for China, uses its integration in iOS and Android apps to collect and store personal information about the user of the app, seemingly without consent. Such activity is prohibited by Apple’s App Store guidelines, and the iPhone-maker has been quick to react to the discovery.
SourceDNA, the security analytics firm behind the discovery, has developed its own proprietary tool called Searchlight that it uses for its analysis. This tool uncovered a total of 256 individual apps hosted on the App Store that utilize a version of the Youmi SDK which violates user trust and privacy. What’s more concerning is that those 256 apps are collectively responsible for more than one million downloads. That’s a lot of iOS devices and a lot of presumably unaware users whose data, such as Apple ID email and device identifiers, is being compromised.
It seems that the majority of the apps utilizing this particular SDK are developed and submitted to Apple by Chinese developers, most of whom are likely entirely unaware of the potential damage their own app is causing by using Youmi. Even if said developers did delve into the underlying source code of the SDK, SourceDNA is reporting that the codebase itself is obfuscated to make it extremely difficult to decipher.
As part of the action, Apple has released a statement outlining the issue, in which it confirms the violation and the removal of all apps making use of Youmi’s SDK. Apple has also confirmed that any new app submitted to the App Store with code from Youmi’s SDK will be rejected. Apple is now working with the developers whose apps have been removed from the App Store to help them release updated versions that comply with Apple’s guidelines.
If you’re a developer with apps on the App Store, and if you’ve ever used or continue to use any version of the Youmi SDK, then you can use the aforementioned Searchlight tool to check if your app is affected.
Source | www.redmondpie.com