Apple has removed and banned hundreds of spying iOS applications from its iTunes App Store due to concerns that the software was gathering users' personal information from its private application program interface (API). An analytics firm discovered the programs that steal personal data including device serial numbers, Apple ID e-mails, and a list of the iPhone's installed apps and connected devices such as laptops, to an advertising company in China.
SourceDNA reported in a blog entry that this was the first case in which iOS apps were able to avoid the app review process. Other published apps could be using the same unscrupulous methods.
The App Store applications were using the same software development kit (SDK) from the Chinese ad company Youmi. It has been spying on users' private info for around two years.
SourceDNA researchers at Purdue University found a total 256 apps that were secretly collecting customers' data, according to NBC News. It estimated a grand total of 1 million downloads from a Youmi private API.
The scope of the problem seems to be limited to China. However, developers have clearly been using the software to spy on users' personal info.
Apple informed SourceDNA that it will remove all apps that use Youmi's SDK. Furthermore, it will reject future apps that use the SDK.
Apple's App Store's strict approval system has made it historically more secure than Google Play. However, not so much lately.
In September many cybersecurity companies found the XcodeGhost malware hidden in around 40 genuine iOS apps. Several of the apps were from China. The infected software can upload mobile device and app info to a server, and then prompt phony dialog boxes to phish private user data, read and write clipboard data, and open certain URLs, according to PC Mag.