Apple deletes over 250 data-mining apps from App Store

Once again, the tech giant has deleted apps from its App Store over security concerns. This time the culprit is Chinese advertiser Youmi, which used third-party apps developed with its software to mine user data.

Daniel Van Boom Senior Writer
Daniel Van Boom is an award-winning Senior Writer based in Sydney, Australia. Daniel Van Boom covers cryptocurrency, NFTs, culture and global issues. When not writing, Daniel Van Boom practices Brazilian Jiu-Jitsu, reads as much as he can, and speaks about himself in the third person.
Expertise Cryptocurrency | Culture | International News
Daniel Van Boom
2 min read

Josh Miller/CNET

Apple has removed over 250 apps from its App Store, the company revealed Monday. The applications in question were mostly Chinese, and were downloaded by a total of around 1 million users.

These apps were accessing and storing personal information, like Apple ID and device serial numbers, according to a report by SourceDNA. The security blog found 256 tainted programs, all of which had used a software development kit (SDK) provided by Chinese advertiser Youmi. Youmi then allegedly farmed the information from users, largely unbeknownst to the actual developers of the apps, according to SourceDNA.

"We've identified a group of apps that are using a third-party advertising SDK, developed by Youmi, a mobile advertising provider, that uses private APIs to gather private information, such as user email addresses and device identifiers, and route data to its company server," a statement from Apple read.

"This is a violation of our security and privacy guidelines. The apps using Youmi's SDK will be removed from the App Store and any new apps submitted to the App Store using this SDK will be rejected. We are working closely with developers to help them get updated versions of their apps that are safe for customers and in compliance with our guidelines back in the App Store quickly."

Neither Apple nor SourceDNA named any of the numerous apps found to be gathering user information.

The Cupertino, California, tech giant has been running App Store defence more than usual in recent months. In September over two dozen infected Chinese apps made their way into the App Store, thanks to developers unknowingly using a tainted version of Xcode, the program used to make apps for iOS. Then, earlier this month, the iPhone maker removed several ad-blocking apps which install root certificates that allowed remote monitoring of a user's private information, like network data.

The App Store's security has historically been solid. Palo Alto Networks noted that, prior to September's Xcode breach, only five malware-infected apps have been able to make it through the company's testing. There are over 1.5 million apps in the store.