Chinese Ad Company Apologizes For Violating iOS App Store Policies To Slurp User Data

Following the philosophy that it's sometimes better to ask for forgiveness than for permission, a Chinese mobile advertising firm wants Apple and iOS users to know it's sorry for running afoul of Apple's App Store rules by sneakily plucking user data through hundreds of mobile apps that have been downloaded over a million times.

Guangzhou Youmi Mobile Technology Co. (Youmi from here on out) was caught collecting email addresses, device IDs, and other private information through more than 250 apps built with a software development kit (SDK) it offers to developers. The developers may not have even known what was going on.

App Store Icon

How so? Affected apps were using what's called a private application programming interface (private API) to extract sensitive data from users and send it to Youmi. Apple prohibits the use of private APIs in iOS apps offered in its App Store, though obviously it needs to do a better job at weeding this sort of thing out.

"Given how simple this obfuscation is and how long the apps have been available that have it, we're concerned other published apps may be using different but related approaches to hide their malicious behavior," analytics service SourceDNA, which blew the whistle on these apps, stated in a blog post.

Youmi is claiming that its software was developed to protect advertisers and developers from fraud, adding that "it's not a 'security breach' as some one-sided media have reported," according to The Wall Street Journal. The company also offered up its "sincerest apologies" and is working with Apple to lift the ban on apps coded with its SDK, presumably once the private API is removed.