The Chinese mobile ad company responsible for malicious code discovered in 256 iOS apps has come forward and apologized after being named and shamed by Apple.
“We’ve identified a group of apps that are using a third-party advertising SDK, developed by Youmi, a mobile advertising provider, that uses private APIs to gather private information, such as user email addresses and device identifiers, and route data to its company server,” Apple said in a statement yesterday.
Apple took the steps of banning all affected apps from the App Store on the grounds that they were illegally accessing users’ personal information — including email addresses, device ID, and other personal identifying data.
In a statement, Guangzhou Youmi Mobile Technology Co. offered its “sincere apologies,” and said that it is working with Apple to resolve the problem
Although the data breach was only revealed on Sunday, it appears that Youmi’s developers first started using the technique for extracting user data two years ago.
“Given how simple this obfuscation is and how long the apps have been available that have it, we’re concerned other published apps may be using different but related approaches to hide their malicious behavior,” said security researchers SourceDNA after discovering the flaw.
Youmi doesn’t seem too sorry, however, since its statement blames “one-sided media” reports for calling it a security breach, rather than (as Youmi would prefer it) a way for advertisers and developers to protect themselves against fraud. By, you know, breaching security protocols.
Youmi ran into problems yesterday after its website was taken down by a malicious hack. If that’s not too “one-sided” a description for what happened.
Source: WSJ
Luke Dormehl is a U.K.-based journalist and author, with a background working in documentary film for Channel 4 and the BBC. He is the author of The Apple Revolution and The Formula: How Algorithms Solve All Our Problems … and Create More, both published by Penguin/Random House. His tech writing has also appeared in Wired, Fast Company, Techmeme and other publications.
3 responses to “Chinese ad company apologizes for snooping on iOS users”
Working to resolve what? They purposely chose to abuse the system and take advantage of a flaw in the system. For that they should be fined, banned & black listed from any future development on any platform. If any reputable company did the same thing they would find themselves being sued and tied up in court. These types of issues are becoming ever so more common and unless the steps are taken, people and the companies they work for are held accountable this will continue to happen and even on a much larger scale than you ever imagined!
We are so sorry we got caught. We will endeavour to make it more difficult to detect in the future.
Yes thats the only reason they re sorry… they got caught.