Apple is doing it again. The iPhone maker has proceeded to deleting more than 250 mobile apps from its App Store, and most of the apps removed were mostly Chinese made, and were already downloaded by a total of about 1 million iOS users. As indicated on a report published by SourceDNA, these mobile apps were apparently accessing and saving personal data, such as Apple ID and serial numbers of handsets, via the use of private application program interfaces (APIs). So far, SourceDNA has identified 256 affected programs, all of which had made use of software development kit (SDK) that was supplied by China based advertiser Youmi, which then reportedly mined the data from mobile users unauthorized, and without the knowledge and consent of the actual creators of the mobile apps in question.
According to an official statement from Apple, the company has already removed the affected mobile apps, and is even planning to bar any new apps submitted to the App Store that use this particular SDK. The company added that that is now coordinating closely with app developers in order to help them receive updated and safe versions of the mobile apps theys created.
The past few months have seen Apple encounter many cases of infected mobile apps in its App Store. For instance, just a month ago, more than two dozen affected China made mobile apps found their way into the App Store. This was made possible because developers unknowingly utilized an illegitimate version of the Xcode program (called XcodeGhost), which is used to develop mobile apps for the iOS environment.
And then earlier in October this month, Apple was also forced to delete a number of ad blocking mobile apps that install root certificates that permit remote monitoring of users’ private data, such as information on network access and usage, and even financial information, all being transmitted to the mobile app’s servers. To be clear, Apple does not hold the developers accountable for the breach in security, and as mentioned earlier, is even working with them in reinstating secure versions of their mobile apps.
The App Store has always had a good track record of preventing infected mobile apps from entering its inventory. As noted by Palo Alto Networks, until the XcodeGhost incident, only a total of five mobile apps infected with malware ever passed through the App Store’s security measures. This is certainly impressive, especially when one considers that the App Store now has more than 1.5 million mobile apps available.
