In a statement given to SourceDNA, Apple has confirmed this on Monday, “We’ve identified a group of apps that are using a third-party advertising SDK, developed by Youmi, a mobile advertising provider, that uses private APIs to gather private information, such as user email addresses and device identifiers, and route data to its company server. This is a violation of our security and privacy guidelines. The apps using Youmi’s SDK will be removed from the App Store and any new apps submitted to the App Store using this SDK will be rejected. We are working closely with developers to help them get updated versions of their apps that are safe for customers and in compliance with our guidelines back in the App Store quickly.”
Apple does not permit third party applications to share information of his user without acquiring user’s consent, and it rejects applications that oblige users to share individual data, for example, email addresses, serial number and other personal information.
The researchers’ claim they found have 256 iOS apps till now with an estimated one million downloads that have a version of Youmi that fail to comply with user privacy. SourceDNA researchers have found four major classes of information collected by apps that use the Youmi ad SDK. This include:
1. Enumerate the list of installed apps or get the front most app name
2. Get the platform serial number
3. Enumerate devices and get serial numbers of peripherals
4. Get the user’s AppleID (email)