Apple has banned more than 250 apps from the Apple App Store after it was found that these applications were gathering and transferring personal information of the users such as their email addresses, other apps that are installed on their devices and even the serial numbers of their peripherals such as battery and camera.
These apps were unearthed by the internet security firm SourceDNA that found that an app that updates the searchlight of the mobile devices was snooping on the private API (Application Programming Index) of the device on which it was running. This led to further investigation and SourceDNA discovered that there are around 256 such apps that access the private APIs of the users and steal their information.
Further investigations revealed that these apps were developed by various Chinese developers who have been using an SDK from Youmi, a China based advertising company. Youmi has been involved in such practices for around 2 years now which means that millions of users have been affected by such apps.
Apple has taken an immediate note of it and has banned these apps from its App Store. Apple has always warned its users of not downloading apps from sources other than Apple authorised sourced. However, users do not even remotely assumed that the apps downloaded from the App Store of Apple itself can contain malicious codes.
It was just a few weeks ago when we saw XcodeGhost, a fake Xcode for developing Apple apps. It also originated in China and unassuming app developers, especially in China who are affected by the slow download from various sources including Apple instead inadvertently downloaded the fake Xcode – XcodeGhost. When they developed apps using the fake Xcode, the malicious codes were transferred to these apps that were later uploaded to Apple App Store and were downloaded by a large number of users.