Apple has confirmed that there were hundreds of apps in its App Store that had somehow bypassed its app review process and had been secretly collecting private user data and uploading it to its own server.
Researchers from code analytics platform SourceDNA over the weekend published that it had found at least 256 apps within the App Store that included code for private API calls, which breaches Apple's App Review Guidelines.
The API calls, which was used to collect private user info, such as email addresses used for your Apple ID, as well as device identifiers and a list of your installed apps, were found to be a part of an SDK from Chinese advertising company Youmi, and the data collected was being uploaded to Youmi's server without the developer or user knowing.
According to the researchers, the code was likely included in the apps without the app developer knowing as the SDK was in binary code.
In response, Apple sent out a statement saying, "We've identified a group of apps that are using a third-party advertising SDK, developed by Youmi, a mobile advertising provider, that uses private APIs to gather private information, such as user email addresses and device identifiers, and route data to its company server."
"This is a violation of our security and privacy guidelines," Apple said, adding that all apps using the Youmi SDK will be removed from it's App Store and any new apps that use the SDK will also be rejected.
"We are working closely with developers to help them get updated versions of their apps that are safe for customers and in compliance with our guidelines back in the App Store quickly," Apple said.
But while Apple has been quick to remove the apps containing the SDK from Youmi, researchers from SourceDNA are concerned that other published apps could contain similar APIs that are also hidden that have also somehow bypassed Apple's app review process.
Unfortunately, a full list of effected apps have not been published or revealed, but it is expected that most of the apps were developed in China and targeted to Chinese users.
Via 9to5Mac
