A MILLION iPHONE USERS HIT BY MALWARE INFECTING APPS
Technology giant Apple’s App Store has been hit by a further wave of malware that has infected hundreds of iPhone apps, according to a report.
Hundreds of apps have been silently been collecting user information which could be used to identify them, with over a million users estimated to be affected.
App analytic company SourceDNA said in a blog post on Sunday that it had discovered iPhone apps were amassing personal data including device serial numbers and Apple ID email addresses.
The firm estimated that 256 apps were infected, with over one million downloads to date.
SourceDNA said it had discovered that the information collected was being sold to an advertising platform called Youmi, which is integrated with apps made by Chinese developers.
“We believe the developers of these apps aren’t aware of this since the Software Development Kit (SDK) is delivered in binary form, obfuscated, and user info is uploaded to Youmi’s server, not the app’s,” said SourceDNA.
“We recommend developers stop using this SDK until this code is removed.”
An Apple spokesperson said in a statement: “We’ve identified a group of apps that are using a third-party advertising SDK, developed by Youmi, a mobile advertising provider, that uses private APIs to gather private information, such as user email addresses and device identifiers, and route data to its company server.
“This is a violation of our security and privacy guidelines. The apps using Youmi’s SDK will be removed from the App Store and any new apps submitted to the App Store using this SDK will be rejected.
“We are working closely with developers to help them get updated versions of their apps that are safe for customers and in compliance with our guidelines back in the App Store quickly.”
This is yet another blow for Apple after more than 300 apps in its App Store were found to be built using malicious code last month.