The applications that have now been removed from the App store after they were found to be taking private information from iPhones using a malicious advertising toolkit.
The applications which were largely from Chinese based developers stole private information, such as email addresses, from users. This is due to a popular software development kit called Youmi which the developers used to build in advertising. The developers were unaware that Youmi also built in a code which would steal user information and upload it to the Youmi servers.
The issue with Youmi’s code gained attention when researchers from Purdue University and research firm Source DNA highlighted the fact that the malicious applications were the first to successfully bypass the apple store review process.
It is estimated that to date the applications have been downloaded over 1 million times.
In a statement, Apple said:
“We’ve identified a group of apps that are using a third-party advertising SDK, developed by Youmi, a mobile advertising provider, that uses private APIs to gather private information, such as user email addresses and device identifiers, and route data to its company server. This is a violation of our security and privacy guidelines.
“The apps using Youmi’s SDK will be removed from the App Store and any new apps submitted to the App Store using this SDK will be rejected. We are working closely with developers to help them get updated versions of their apps that are safe for customers and in compliance with our guidelines back in the App Store quickly.”