Earlier this week, Apple removed over 250 apps from its App Store that used software from a Chinese advertising firm which secretly accessed and stored users’ personal information, reports Forbes.
The firm, called Youmi, provides developers with SDKs that, on the sly, check the apps downloaded by a user, the user’s email address and the serial number of the smartphone. Apps based on these SDKs allegedly received over 1 million downloads. Most of the makers of these apps are also based in China; however, it is unlikely that these developers knew about the wrongdoing.
Apple’s policy does not allow apps to collect personal information, such as how long the user spends in a particular app. However, the apps including this code somehow got through Apple’s app review process and apparently went unnoticed on the market for nearly two years. While Apple was pretty swift at taking down the suspicious apps once it became aware of the issue, there is no telling whether similar exploits are being used by malicious developers to get private data.
Android and iOS both offer closed marketplaces to users as an alternative to the more conventional method of simply downloading or buying software from other sources. This is ostensibly in the name of security, as the companies claim that apps on the app store, once verified, are much safer. Such an exploit, however, puts a damper on this argument: because the app stores themselves are so large, it keeps getting harder for Google and Apple to verify all apps without letting something malicious pass through.
Apple & privacy: Credit has to be given to Apple, though, for caring a lot more about user privacy. This probably has a lot to do with how Apple makes a pretty good profit on every iOS device sold, while Google relies on its services on Android, especially the ads, to generate revenue. This leaves Apple in a privileged position where it simply doesn’t need a consumer’s data to generate profits.
Last week, Apple chief Tim Cook went on the record saying that the company would not bake encryption backdoors into its products, as the US government wanted it to. Similarly, the company refused to unlock an iOS 7 device for the cops, noting that it would be impossible to unlock the phone if it were running the more encryption-friendly iOS 8. Android 6.0 also does a few things right, such as enabling users to stop apps from collecting certain information after installation. However, given Android’s fragmented marketplace, a majority of Android users are never going to see these updates.