Popular “code transparency” company, Source DNA, has found over 250 apps in the iOS App Store that use a specific SDK (Software Developer Kit) to obtain personal user information. A Chinese advertising company called Youmi is said to be the responsible party behind the malicious code. It was discovered that Youmi was using a private API (Application Program Interface) to collect the information from users and then reroute it to servers in China.

Is My Information Secure from the Youmi API?

Before you start worrying about your privacy and security, the information that has been obtained is really not that invasive. There isn’t much that anyone can do with it besides annoy you. However, Apple is dedicated to your privacy. Allowing this type of intrusion is a violation of Apple’s security and privacy guidelines.

What Information is Youmi Gathering?

1. A list of all apps installed on the iOS device.
2. The platform serial number of iPhones or iPads themselves running older versions of iOS.
3. A list of hardware components on devices running newer versions of iOS and the serial numbers of these components.
4. The email address associated with the user’s Apple ID.

It is estimated that more than 1 million downloads have occurred using this corrupt SDK, most of them being in China. Because of the length of time at which this has been occurring, Source DNA is worried that there may be more apps out there using obfuscated binary which disguises this coding. Apple has promised to remove all of these corrupted apps and guarantees it will reject all future App Store hopefuls that use this SDK.

Apple has also released the following statement

“We’ve identified a group of apps that are using a third-party advertising SDK, developed by Youmi, a mobile advertising provider, that uses private APIs to gather private information, such as user email addresses and device identifiers, and route data to its company server. This is a violation of our security and privacy guidelines. The apps using Youmi’s SDK have been removed from the App Store and any new apps submitted to the App Store using this SDK will be rejected. We are working closely with developers to help them get updated versions of their apps that are safe for customers and in compliance with our guidelines back in the App Store quickly.”