iOS apps found squirrelling away user private info using pvt APIs

Sourcedna, a Web analytics service, has just announced that it had found 100s of apps in the App Store that extracted personally identifiable user information via private APIs that Apple had forbidden them from calling. This was the 1st time, it said, it was seen that iOS apps had successfully bypassed the app review process, adding it may not be the last, though.

It said on its official blog:

We found these apps while adding support to Searchlight to scan for private API usage. This is something that will get your app rejected by app review, so we want to alert our users to this problem before it costs them time, especially when they’re trying to get a critical update out.
Online reports said Apple had started removing the guilty apps since using private API calls is a breach of App Review Guidelines.

Researchers find 256 iOS apps that collect users’ personal info – Ars Technica Oct 19, 2015 

Researchers said they’ve found more than 250 iOS apps that violate Apple’s App Store privacy policy forbidding the gathering of e-mail addresses, installed apps …


Read more …

Apple removing hundreds of App Store apps as advertising SDK found to collect sensitive user data via private APIs – 9to5Mac

Oct 19, 2015

Code analytics platform SourceDNA has found hundreds of apps on the App Store that used private APIs to collect private user data, like email addresses and device identifiers, slipping under Apple’s radar in the approval process. The code got into these apps through the inclusion of a mischievous third-party advertising SDK, which secretly stored this data and sent it off to its own servers..

Read more…




•Share This•