Apple has deleted hundreds of apps from the App Store after a security firm discovered they were harvesting private user data such as email addresses and device IDs.
A full list of culprits has yet to be announced, but most (if not all) of the 256 offending apps originate from the Chinese App Store – much like last month’s XcodeGhost fiasco – and wouldn’t have been available to iPhone users in America and Europe. So you can breathe a little easier if you’re based in the West.
Still, the fact that rogue apps like these went unnoticed shows a slightly worrying lapse of judgment from the App Store review team. Nate Lawson from SourceDNA says it’s “definitely the kind of stuff that Apple should have caught.” Apple is infamous for its strict “walled garden” App Store policy, and this kind of security lapse is pretty uncommon on iOS.
Apple has taken swift action, removing all apps using the offending API. It has warned developers not to trust the company that created the ad platform and its malicious code, and will reject any apps including it in future.
Apple has removed hundreds of iOS apps from the App Store for capturing private user data: http://t.co/YvFHKKnPAn
— TapSmart (@TapSmart) October 19, 2015