Code analytics platform SourceDNA has found hundreds of apps on the App Store that used private APIs to collect private user data, like email addresses and device identifiers, slipping under Apple’s radar in the approval process. The code got into these apps through the inclusion of a mischievous third-party advertising SDK, which secretly stored this data and sent it off to its own servers.

Apple has now verified the SourceDNA report and is removing all of the apps that included the advertising SDK from the store, as using private API calls is a breach of App Review Guidelines. Apple has also patched its approval processes to prevent any more apps that use this technique to make it onto the App Store.

expand full story