Emerging Threats

Apple pulls over 200 apps from App Store due to privacy violations


Authored by a Symantec employee

 

You may have read about Apple pulling over 250 iOS apps from the App Store for various privacy violations. This was because these apps used the Youmi advertising software development kit (SDK), which is also used in Android app development. Apple pulled the apps from its App store because this behavior was in violation of their security and privacy policies. Symantec and Norton products have blocked this particular development kit since February 2015. Norton products detect the Android variant of Youmi as Android.Youmi.

Analysis of the Android variant of Youmi found that it could compromise the user’s privacy by remotely sending the following information to an attacker:

  • Device location (such as GPS coordinates and cell tower location)
  • Device-identifying information (such as International Mobile Station Equipment Identity (IMEI), kernel version, phone manufacturer, or phone model details)
  • Network operator locations
  • Phone numbers
  • A list of all applications installed on the iOS device
  • The platform serial number of iPhones and iPads running older versions of iOS
  • A list of hardware components and the serial numbers for devices running new versions of iOS
  • The Apple ID email address associated with the iOS device

In addition to stealing information, the ad library was also found to be downloading and requesting the installation of new applications, and creating shortcut advertisements on the home screen.

In a statement, Apple confirmed that all 256 apps used the Youmi SDK, and were gathering information about the user and routing it back to a remote server.

This is the second time Apple has recently removed apps from the App Store due to compromising user’s privacy. In September, Apple removed dozens of Chinese-language iOS apps infected with XcodeGhost malware which allowed attackers to hijack browsers and create fake phishing alerts to steal usernames and passwords.

How To Stay Protected:

  • Delete the app and wait for a new version of the app to be made available
  • Watch out for any suspicious emails or push notifications to your device asking for your Apple credentials, or any personally identifying information


Symantec Corporation, the world’s leading cyber security company, allows organizations, governments, and people to secure their most important data wherever it lives. More than 50 million people and families rely on Symantec’s Norton and LifeLock comprehensive digital safety platform to help protect their personal information, devices, home networks, and identities.

© 2018 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo, the Checkmark Logo, Norton, Norton by Symantec, LifeLock, and the Lockman Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the United States and other countries. Firefox is a trademark of Mozilla Foundation. Google Chrome is a trademark of Google, Inc. Mac, iPhone and iPad are trademarks of Apple Inc. Microsoft and the Windows logo are trademarks of Microsoft Corporation in the United States and/or other countries. The Android robot is reproduced or modified from work created and shared by Google and used according to terms described in the Creative Commons 3.0 Attribution License. Other names may be trademarks of their respective owners.