Last Updated on October 22, 2015
Apple announced on 19th October that it had pulled hundreds of apps from its App Store because they violated the App Store’s review process by collecting unapproved kinds of personal data.
A third-party analytics service called SourceDNA discovered that apps using a software development kit (SDK) from a Chinese advertising platform called Youmi were collecting personally identifiable data, including email addresses, Apple IDs, device and peripheral serial numbers, and a list of apps installed on the device.
All apps using Youmi’s SDK have been removed from the App Store, and future apps built with that SDK will be rejected. But the apps will still be available on users’ devices, although they won’t be updated.
Collecting this type of personally identifiable information (PII) is banned by Apple’s strict privacy policy for developers. PII data can be traced to an individual device and user. Approved data collection generally anonymises the data, so while a company might be able to see how long a user was logged into an app, for example, they wouldn’t be able to trace that data to a particular device.
Perhaps more disturbing than the data privacy breach is the fact that Youmi was able to get the data collection past Apple’s notoriously rigorous app review process. According to SourceDNA, Youmi originally tried obfuscating a call to collect the name of the app running on a device at any given time. Once that was successful, apparently Youmi was able to hide other data collection with the same method.
Unfortunately, the evidence suggests that many of the actual app developers may have had no idea that the software was secretly collecting data. Apple has said it will work with app developers to update the apps and ensure they are safe for customers, but until that time, the apps will remain banned.
Most of the apps were based in China, making it a relatively isolated incident. More worrying is the implication that the method used to hide the data collection from Apple was fairly simple, yet went unnoticed for more than two years. SourceDNA points out that there may be other apps using different but related schemes for collecting illicit data.
In late September 2015, the App Store faced an unprecedented attack, when dozens of (mostly) Chinese apps were infected with malware, calling into question Apple’s strict control over the apps allowed in its store and on its devices.
Bernard Marr is a best-selling author, keynote speaker and business consultant in big data, analytics and enterprise performance. His new books are ‘Big Data’ ‘Key Business Analytics’