SecureMac, Inc.

Computer security news. Just for Macs.

Get the latest computer security news for Macs and be the first to be informed about critical updates. Industry news, security events and all you need right at your fingertips. Malware threats change daily, so keep up to date on the latest developments to help ensure your privacy and protection. You can never be too safe.

Apple Boots Apps for Violating Privacy Policies

Posted on November 25, 2015

The Mac App Store recently booted 256 apps for violating store-wide privacy policies. According to a report from Tech Republic, Apple pulled the apps for their use of a “Chinese advertising software development kit.” Said another way, these apps were built in such a way that they collected a considerable amount of customer data. That data collection conflicted with the rules of the Mac App Store and has now resulted in the deletion of the apps in question.

A Sneaky Data Theft Operation

The silver lining for customers is that the actual developers of these 256 different apps probably did not intend to gather user information—or, for that matter, even know that the data collection was taking place. On the contrary, the data that was collected—which included user email addresses, device serial numbers, lists of the other programs installed on the device, and more—wasn’t even sent back to the developers themselves.

Instead, the data was delivered to Youmi, a company that the Tech Republic report describes as a “mobile advertising provider.” The designers of the software development kit created the kit for the purpose of collecting customer data, and Youmi was the beneficiary of that collection. It is unclear whether or not Youmi was directly behind the software development kit. All of the developers that used the software development kit, though, had their apps affected by the data collection system—and therefore, had their apps removed from the Mac App Store.

The Apple System: Not As Thorough As We Thought?

For years now, the idea of the Mac App Store as the industry’s “most secure” app market has been parroted ad nauseam. The Google Play app store allows for open source apps and makes it significantly easier for developers to offer their apps for sale in the marketplace. As a result, many users of Android devices have been encouraged to be careful about the apps they download from the Google Play store, whether that means reading the reviews or only downloading apps from trusted developers. Apple hasn’t had to deal with the same disclaimer since Apple officials supposedly check every app before it is uploaded to the App Store.

To be fair, Apple did eventually realize that these 256 Chinese-language apps were collecting user information in a way that went against their privacy policies. Supposedly, though, by the time Apple discovered the issue and pulled the apps, the data collection had already been going on for several months—and becoming more invasive as time went along. Is the screening protocol that apps must go through to reach the Mac App Store as thorough as we thought it was? Or does Apple need to take another look to make sure that their mobile app market remains the most secure in the industry?

So far, Apple hasn’t revealed a full list of the apps that were pulled. Only the Chinese version of the McDonald’s app has been named as one of the 256 affected apps.


Join our mailing list for the latest security news and deals