As much as Chinabeing an invaluable source of revenue for Apple, it has only given headache to the governed App Store.
In September, the scandal involving the polemic Xcode clone used by developers in the Asian country led the company to clean up its app store, where many products offered legally contained malware implemented using a compromised version of the SDK (software development kit, or software development kit) for iOS. Now, it was Youmi's turn (an advertising company) to offer integration with third-party apps that used APIs (application programming interfaces, or private application programming interfaces) of the system to collect emails, collect device identification codes and send private user information to private servers.
The discovery was revealed yesterday by SourceDNA, a security company responsible for offering developer assistance solutions to meet Apple requirements. Part of the information collected was supported only in previous iOS editions, but even so, SourceDNA experts identified 256 products in violation of the App Store terms in China.
THEArsTechnica obtained a statement from Apple after the news aired, stating that steps were already being taken:
We have identified a set of applications that are using an SDK developed by Youmi, a mobile advertising provider, using private APIs to collect private information, such as email user addresses and device identifiers, in order to forward your company's servers. This is in violation of our security and privacy guidelines. Applications that use the Youmi SDK will be removed from the App Store and any new applications sent using the same SDK will be rejected. We are working collaboratively with developers to help them get updated versions that are safe for our customers and in compliance with our guidelines, aiming to get them back to the App Store quickly.
In a statement to theWall Street Journal, Youmi regretted the inconvenience and claimed to be collaborating with Apple to quickly resolve issues with its SDK. However, SourceDNA detailed the collection process as sophisticated, since it operated for more than two years, even without the consent of the developers who used it.
It is estimated that more than 1 million users have been affected by the breach of privacy. In addition, theWSJ It also claims that Youmi's website has been hacked in recent days, indicating the possibility of information leaks.
