{"id":12607,"date":"2015-10-20T15:52:04","date_gmt":"2015-10-20T19:52:04","guid":{"rendered":"http:\/\/mjtsai.com\/blog\/?p=12607"},"modified":"2015-10-20T15:52:04","modified_gmt":"2015-10-20T19:52:04","slug":"ios-apps-that-collect-users-personal-info","status":"publish","type":"post","link":"https:\/\/mjtsai.com\/blog\/2015\/10\/20\/ios-apps-that-collect-users-personal-info\/","title":{"rendered":"iOS Apps That Collect Users&rsquo; Personal Info"},"content":{"rendered":"<p><a href=\"http:\/\/arstechnica.com\/security\/2015\/10\/researchers-find-256-ios-apps-that-collect-users-personal-info\/\">Dan Goodin<\/a>:<\/p>\n<blockquote cite=\"http:\/\/arstechnica.com\/security\/2015\/10\/researchers-find-256-ios-apps-that-collect-users-personal-info\/\"><p>The apps, which at most recent count totaled 256, are significant because they expose a lapse in Apple&rsquo;s vetting process for admitting titles into its <a href=\"https:\/\/itunes.apple.com\/us\/genre\/ios\/id36\">highly curated App Store<\/a>. They also represent an invasion of privacy to the one million people estimated to have downloaded the apps. The data gathering is so surreptitious that even the individual developers of the affected apps are unlikely to know about it, since the personal information is sent only to the creator of the software development kit used to deliver ads.<\/p><p>&ldquo;This is the first time we&rsquo;ve found apps live in the App Store that are violating user privacy by pulling data from private APIs,&rdquo; Nate Lawson, the founder of <a href=\"http:\/\/sourcedna.com\/\">security analytics startup SourceDNA<\/a>, told Ars, referring to the application programming interfaces built into iOS. &ldquo;This is actually an obfuscated toolkit for extracting as much private information as it can. It&rsquo;s definitely the kind of stuff that Apple should have caught.&rdquo;<\/p><\/blockquote>\n<p><a href=\"http:\/\/arstechnica.com\/security\/2015\/10\/researchers-find-256-ios-apps-that-collect-users-personal-info\/\">Apple<\/a>:<\/p>\n<blockquote cite=\"http:\/\/arstechnica.com\/security\/2015\/10\/researchers-find-256-ios-apps-that-collect-users-personal-info\/\"><p>We&rsquo;ve identified a group of apps that are using a third-party advertising SDK, developed by Youmi, a mobile advertising provider, that uses private APIs to gather private information, such as user email addresses and device identifiers, and route data to its company server. This is a violation of our security and privacy guidelines. The apps using Youmi's SDK will be removed from the App Store and any new apps submitted to the App Store using this SDK will be rejected. We are working closely with developers to help them get updated versions of their apps that are safe for customers and in compliance with our guidelines back in the App Store quickly.<\/p><\/blockquote>","protected":false},"excerpt":{"rendered":"<p>Dan Goodin: The apps, which at most recent count totaled 256, are significant because they expose a lapse in Apple&rsquo;s vetting process for admitting titles into its highly curated App Store. They also represent an invasion of privacy to the one million people estimated to have downloaded the apps. The data gathering is so surreptitious [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"apple_news_api_created_at":"","apple_news_api_id":"","apple_news_api_modified_at":"","apple_news_api_revision":"","apple_news_api_share_url":"","apple_news_coverimage":0,"apple_news_coverimage_caption":"","apple_news_is_hidden":false,"apple_news_is_paid":false,"apple_news_is_preview":false,"apple_news_is_sponsored":false,"apple_news_maturity_rating":"","apple_news_metadata":"\"\"","apple_news_pullquote":"","apple_news_pullquote_position":"","apple_news_slug":"","apple_news_sections":"\"\"","apple_news_suppress_video_url":false,"apple_news_use_image_component":false,"footnotes":""},"categories":[2],"tags":[354,91,31,26,355],"class_list":["post-12607","post","type-post","status-publish","format-standard","hentry","category-technology","tag-advertising","tag-appstore","tag-ios","tag-iosapp","tag-privacy"],"apple_news_notices":[],"_links":{"self":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/12607","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/comments?post=12607"}],"version-history":[{"count":1,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/12607\/revisions"}],"predecessor-version":[{"id":12608,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/12607\/revisions\/12608"}],"wp:attachment":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/media?parent=12607"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/categories?post=12607"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/tags?post=12607"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}