According to analytics company SourceDNA, there are hundreds of iOS applications on the App Store that are capable of accessing personal information including email addresses that are tied to the respective Apple IDs, device information and serial information.
According to a report by SourceDNA, there are a total of 256 applications that cumulatively have a total of 1 million downloads on the App Store. These applications have rouge code snippets in them and SourceDNA advises that developers stop using Youmi’s SDK since it violates user privacy.
The report also added that most of the app developers were located in China. SourceDNA adds, “we believe the developers of these apps aren’t aware of this since the SDK is delivered in binary form, obfuscated, and user info is uploaded to Youmi’s server, not the app’s. We recommend developers stop using this SDK until this code is removed.”
SourceDNA submitted its findings to Apple. In response to these findings, Apple released the following statement:
“We’ve identified a group of apps that are using a third-party advertising SDK, developed by Youmi, a mobile advertising provider, that uses private APIs to gather private information, such as user email addresses and device identifiers, and route data to its company server. This is a violation of our security and privacy guidelines. The apps using Youmi’s SDK have been removed from the App Store and any new apps submitted to the App Store using this SDK will be rejected. We are working closely with developers to help them get updated versions of their apps that are safe for customers and in compliance with our guidelines back in the App Store quickly.”