Apple blacklists malicious Chinese SDK that steals your private data through apps

Apple has blacklisted a Chinese Software Development Kit (SDK) named Youmi from its App Store amid concerns that it stealthily collected users' private data from iPhones which ran apps that were built through it.

As per SourceDNA's researchers, a total of 256 apps were built using Youmi SDK and have now been removed from the App Store. Since the app makers themselves were innocent, Apple is now working with them to help their apps re-enter the App Store through other means.

If you used any of these apps previously, the SDK hid behind them and accessed your personal data like your iPhone's serial number, your e-mail address and your list of downloaded apps and uploaded them on its own server.

Even though Apple has a zero tolerance policy for APIs that collect private data, SourceDNA's researchers claim that the Youmi SDK has been up and running for over two years. Apple's initial review process apparently failed to detect it when it was first used.

"We’ve identified a group of apps that are using a third-party advertising SDK, developed by Youmi, a mobile advertising provider, that uses private APIs to gather private information, such as user email addresses and device identifiers, and route data to its company server. This is a violation of our security and privacy guidelines. The apps using Youmi’s SDK will be removed from the App Store and any new apps submitted to the App Store using this SDK will be rejected. We are working closely with developers to help them get updated versions of their apps that are safe for customers and in compliance with our guidelines back in the App Store quickly," said a statement from Apple in this regard.

Apple becomes the second big technology firm this week that has committed to place your privacy and data security at the core of its operations. Yesterday, Facebook stated that it will warn users in future if their profiles came under attacks that are sponsored by governments. In such cases, you will be made to go through "login approvals" which is a two stage authentication process using login codes texted by Facebook to your phone number.

Leave a Comment