- Sep 20, 2007
- 17,504
- 12
- 0
Researchers at SourceDNA have identified 256 apps which use the third-party Youmi ad SDK to silently collect user data without consent.
The advertising company collects things like device serial numbers, a list of apps installed on the device, hardware configurations, and email addresses associated with the user's Apple ID. All of which is in violation of Apple's App Store policy.
Once again, this appears to be mostly targeting Chinese iOS users. The official McDonalds' app for Chinese speakers was specifically fingered for using the Youmi network.
The SDK uses a digital cloak to obscure its data gathering functions from both users and developers. "McDonald's in China didn't do this on purpose. They installed this SDK to show ads, and the SDK vendor is using that privileged position in the app to collect data on all users who use their app," said Source DNA spokes person Nate Lawson.
Apple has responded to the allegations, saying they will remove all apps currently using the Youmi SDK, and will reject any future apps that still integrate it.
http://arstechnica.com/security/201...56-ios-apps-that-collect-users-personal-info/
The advertising company collects things like device serial numbers, a list of apps installed on the device, hardware configurations, and email addresses associated with the user's Apple ID. All of which is in violation of Apple's App Store policy.
Once again, this appears to be mostly targeting Chinese iOS users. The official McDonalds' app for Chinese speakers was specifically fingered for using the Youmi network.
The SDK uses a digital cloak to obscure its data gathering functions from both users and developers. "McDonald's in China didn't do this on purpose. They installed this SDK to show ads, and the SDK vendor is using that privileged position in the app to collect data on all users who use their app," said Source DNA spokes person Nate Lawson.
Apple has responded to the allegations, saying they will remove all apps currently using the Youmi SDK, and will reject any future apps that still integrate it.
http://arstechnica.com/security/201...56-ios-apps-that-collect-users-personal-info/
Facebook
Twitter