Tuesday, October 20, 2015

Hundreds of apps on App Store secretly stole user data

If you thought using nothing but apps downloaded from Apple's official App Store has enough to keep you safe, here's another incident that proves otherwise, and that may have left over a million users vulnerable to data theft.

Downloading an app from the App Store is something most users will consider to be trustworthy. After all, to get there an app must pass several security checks by Apple. However, just as hackers keep finding ways to hack devices and software, they also find ways to bypass Apple's security checks.

There were several hundred apps in the App Store that secretly stole user data. The problem wasn't the apps themselves, but a SDK they were using for a ad network called Youmi. This SDK was using some tricks to access private APIs without triggering Apple's security checks, and so it was able to grab things like what apps were installed in the device, which were in foreground, and the user's Apple ID. This data would then be sent to a remote server.

It seems like Youmi was trying to mask this kind of private API access for some time, and they finally did it. And although they've now been caught and the affected apps (which have been downloaded over a million times) have already been removed from the App Store by Apple, the question remains: how many more of apps using similar tricks may be out there, grabbing as much data as they can from its users?

No comments:

Post a Comment

Related Posts with Thumbnails

Amazon Store