Several Chinese apps in the App Store have been found to contain data mining software, leading to 256 being pulled by Apple.
SourceDNA found the problem earlier this month, noting the apps all used a software development kit (SDK) provided by Youmi.
However, the developers of the apps, according to SourceDNA, were unaware that their products were being used to gather user emails and device identifiers.
“Most of the developers are located in China,” it said.
“We believe the developers of these apps aren’t aware of this since the SDK is delivered in binary form, obfuscated, and user info is uploaded to Youmi’s server, not the app’s.”
The issue was particularly widespread when you consider that more than 1m downloads of the apps occurred before their removal. None of the 256 apps have been named.
“We’ve identified a group of apps that are using a third-party advertising SDK, developed by Youmi, a mobile advertising provider, that uses private APIs to gather private information, such as user email addresses and device identifiers, and route data to its company server,” said Apple.
“This is a violation of our security and privacy guidelines. The apps using Youmi’s SDK will be removed from the App Store and any new apps submitted to the App Store using this SDK will be rejected.
“We are working closely with developers to help them get updated versions of their apps that are safe for customers and in compliance with our guidelines back in the App Store quickly.”
Last month, Apple found malware called XcodeGhost in its App Store, leaving the company “scrambling” to fix a problem across some of its most popular apps in China.
Main image via Shutterstock
