Researchers have discovered there are 256 apps on the App Store that have found their way around Apple's vetting process and violated privacy rights. All of them use the Chinese-developed Youmi SDK. In total, approximately one million people use the apps in question.
To be clear, the developer of any of these apps is not necessarily to blame at all. It appears Youmi is the one interested in acquiring your data, and has insidiously worked gathering tools into its development kit, thereby attempting to cover its tracks and pass the blame onto developers, should the scheme be uncovered.
Nate Lawson, founder of security analytics startup SourceDNA (which uncovered the violations), says this is "definitely the kind of stuff that Apple should have caught."
Apple commented on the matter, saying the offending apps will be removed, and Youmi will be banned: "We've identified a group of apps that are using a third-party advertising SDK, developed by Youmi, a mobile advertising provider, that uses private APIs to gather private information, such as user email addresses and device identifiers, and route data to its company server. This is a violation of our security and privacy guidelines. The apps using Youmi's SDK will be removed from the App Store and any new apps submitted to the App Store using this SDK will be rejected. We are working closely with developers to help them get updated versions of their apps that are safe for customers and in compliance with our guidelines back in the App Store quickly."
The incident follows recent news of other privacy violating apps, so it seems Apple's much lauded App Store isn't as pristine as once thought. One would hope the company will take these opportunities to beef up its vetting process and restore its reputation.