Privacy issue is getting more serious. Not even an advanced IT company, like Apple, can guarantee your privacy. Recently, Apple had to remove 250 apps from its iStore after getting complaints from security experts. Later, further investigation discovered an advertising network was behind the issue. Violating Apple’s policy, this network used iStore apps to hijack user’s private information. Once installed, it would siphon all your private information. Not even your email address and phone number would escape.
So, why would security experts laid their hand on these apps? First, most of these apps came from China. Look, we don’t want to discriminate Chinese developers. However, we can’t exclude the fact that many vicious apps come from China. So, as we believe prevention is better than cure, rising our awareness over China-related apps is better than losing privacy.
Next, all the apps used Youmi SDK to build their ads. You may never heard about this Apple SDK before. Well, don’t worry. You’re not alone. This is not a popular SDK for a reason. It may help you to build apps and ads. In fact, it might be easier to use Youmi than any SDK, but please beware. Youmi is also known for siphoning off user data. Any app built with Youmi will steal and upload user data to Youmi own server.
If Youmi was so dangerous, why it took so long for Apple to remove the apps?
Can you imagine how long it will take to screen 1,500,000 apps? Well, that’s how long Apple take. It may take a long for Apple to remove the threats, but it doesn’t mean the company has no idea about Youmi at all.
Youmi was first identified by Purdue University researchers. At first, they though it was just a minor issue. They thought it was harmless, until SourceDNA made a discovery. They tried to build an app using Youmi and planted malicious script inside. Normally, it won’t pass app review process. However, something weird happened. Apple accepted the app and placed it at iStore. That’s when everything began to change.
Wait, isn’t it impossible?
Well, let’s take a look at Youmi SDK. If you want to learn how dangerous a malicious script is, learn the API. In this case, let’s have a look at how Youmi use private API. It’s a series of command built into Apple itself for its iOS. Due to stability and security reasons, all third-party developers are given no access to use these commands. However, Youmi broke the rule. Youmi’s code deploy 4 commands: list of installed apps, record device serial number, list serial number from any peripheral, and write down user’s Apple ID.
In other words, Youmi stabs your back. While you’re enjoying the app, it steals your private information. Most users won’t realize this activity, since it was done in secret.
So, what did Apple say about this?
Learning from this incident, Apple continued, all future apps submitted using Youmi SDK will be rejected. Meanwhile, Apple will ensure none of this will happen in the future. They’re working with developers to help them understand the risks. If they want people to love their apps, then they should first give what people want. Stealing user’s information is certainly not one of them.
Is there a way to protect yourself from malicious Apple apps?
The internet is like a heaven for everyone and everything. That includes good and bad stuffs. You can get everything you like from the web. At the same time, bad stuffs can get into your device. So, what can you do?
Should you just wait until Apple or Google remove the malicious apps?
Perhaps, you can do that. Just perhaps, because we won’t recommend that. Malicious apps are evolving every second. While you wait for Apple or Google to remove them, perhaps they’ve already inside your device.
Now, let us ask you the same question. Should you wait for them?
NO, of course. If you have better alternative, why should you wait for them?
So, what can you do?
You have us: VPN Asia. We are the world’s #1 non-logging VPN provider. When privacy is at risk, we are here to give your freedom back.
Think about this. If you’re surrounded with privacy threats, what’s the best option to keep you safe?
Anonymous access. No one will know your true identity on the web. You’re free to access any content you like.
Geo-restricted content. Governments are the worst when it comes it privacy. They want to know everything you do on the web. Does it mean privacy hijacking? Sure, it does. That’s why we give you geo-restricted content. Feel free to access any content on the web. There won’t be any error message saying you can’t enjoy the content due to location error.
Advanced security. When you are with us, no one and nothing can touch you. Of course, unless you tell it to. Equipped with PPTP, L2TP, and OpenVPN protocols, we strive to keep you safe.