Apple this evening removed a handful of apps from the App Store that install root certificates of their own. By installing their own root certificate, the app developers could theoretically gain access to encrypted traffic from users. The removed apps include a select number of ad blockers, specifically ones that block content both in Safari and in other apps.
To block ads in third-party apps, these developers essentially set up a VPN in which all traffic is run through the developer’s servers to remove the ads. This is a process that, obviously, could also be used for malicious purposes.
One of the most prominent apps removed is the ad blocker Been Choice, which follows essentially the process described above, installing a root certificate on the device. Because it did this, Been Choice was able to block ads inside other apps.
Apple said in a statement to TechCrunch that it removed “a few apps” because they compromise SSL/TLS security solutions. The company also noted, however, that it is working with the developers of the removed apps to get them back onto the App Store with more security measures in place.
“Apple is deeply committed to protecting customer privacy and security. We’ve removed a few apps from the App Store that install root certificates which enable the monitoring of customer network data that can in turn be used to compromise SSL/TLS security solutions. We are working closely with these developers to quickly get their apps back on the App Store, while ensuring customer privacy and security is not at risk.”
Whether or not these apps will return with the capability of blocking content inside other apps remains to be seen, but given that Apple doesn’t offer an official method by which to do that, it seems unlikely.