Last month, Apple encountered its first-ever major malware attack, XcodeGhost, and before the dust could settle on that issue, another vulnerability has been discovered in the App Store.
Analytics firm SourceDNA has found that the Chinese third-party source code platform Youmi, which offers an SDK (Software Development Kit) to developers in China, was rigged.
Applications built with the Youmi advertising SDK collected and stored app users' personal data, such as email addresses and device identifiers, and routed it to the company's servers without consent, which is illegal and against Apple's App Store policy.
SourceDNA first detected this anomaly with the help of its proprietary malware detection tool, Searchlight, which was able to detect 256 apps developed with Youmi's SDK.
According to SourceDNA's estimate, these 256 apps have been installed on more than 1 million Apple devices. That is too big a number to ignore. If these applications are not checked soon enough, the issue may dent the company's image, because Apple's App Store is touted as more secure than Google's Android ecosystem.
Acknowledging the severity of the issue, Apple has promptly taken down the aforementioned applications from the App Store. It added that the company is also watching for any new app submissions developed using the Youmi SDK and is guiding app developers to upgrade to new SDK tools that adhere to Apple's guidelines.
Apple has a highly strict vigilance system in place at the App Store. All application developers have to undergo a number of rigorous tests to get permission from the company to upload their apps to the store.
Lately, however, the recurrence of malware attacks in Apple's App Store has increased, especially in the past year. It's high time for security experts at the Cupertino company to pull up their socks and scale up safety measures to avoid any more security breaches.
Here's what an Apple spokesperson said to SourceDNA:
"We've identified a group of apps that are using a third-party advertising SDK, developed by Youmi, a mobile advertising provider, that uses private APIs to gather private information, such as user email addresses and device identifiers, and route data to its company server. This is a violation of our security and privacy guidelines. The apps using Youmi's SDK will be removed from the App Store and any new apps submitted to the App Store using this SDK will be rejected. We are working closely with developers to help them get updated versions of their apps that are safe for customers and in compliance with our guidelines back in the App Store quickly."