Apple Cracking Down on VPN-Based Ad Blockers That Work in Third-Party Apps

[MacRumors]

It appears Apple may be cracking down on some VPN-based ad blockers that are designed to block ads in third-party apps, based on a recent interaction iOS developer Tomasz Koperski had with Apple's App Store review team.

Koperski is the CTO of Future Mind, a software company that produces AdBlock, Weblock, and Admosphere, three ad blocking apps. When submitting an update for AdBlock for iOS, a VPN-based ad blocking app, it was rejected.

Upon appeal to the App Review Board, Koperski was told Apple is no longer allowing VPN/root certificate-based ad blockers on the App Store and will not be accepting updates of existing ad blockers that use those techniques going forward. According to Apple, Future Mind's AdBlock app violates section 4.2 of the App Store Review Guidelines, which dictates that apps must be useful, unique, and "app-like."

Specifically, the app violated section 4.2.1, which says "Apps should use APIs and frameworks for their intended purposes and should indicate that integration in their app description," and to get even more specific, Future Mind was told the update was rejected because "Your app uses a VPN profile or root certificate to block ads or other content in a third-party app, which is not allowed on the App Store."

Koperski was told that Safari content blockers, introduced in iOS 9, will be the only Apple-supported ad blockers going forward, and those ad blockers are limited to use in the Safari web browser.

After submitting an appeal to the App Review Board, a member of the Review Team contacted me directly via phone and informed that Apple has officially changed their policy regarding VPN/root certificate based ad blockers on the App Store and is no longer accepting updates of apps, which directly block content in third party apps. The only officially allowed ad blocking method is now Safari Content Blockers.

Koperski says that the change marks a major shift in Apple's ad blocking policy, as Future Mind has had its ad blocking products in the App Store for the past five years. AdBlock, the app that Apple rejected, has been available for purchase since 2014, and it was one of the first VPN-based ad blockers able to block ads in all apps locally on both Wi-Fi and Cellular.

There are dozens of similar ad blocking apps available in the App Store at the current time, some that were updated as recently as June. It's not clear why Apple has changed its policy after so many years, but many apps, including native apps like Apple News, feature ads as a way to monetize.

Apple has recently undertaken a major overhaul of the App Store, eliminating clone apps, outdated apps, and more, so it's possible this new crackdown is a part of that effort. Since late 2015, Apple marketing chief Phil Schiller has been overseeing the App Store and has enacted some significant changes.

Future Mind was told the AdBlock app could be updated if it switches from ad blocking via VPN to the Safari Content Blocker, but the company is worried about upsetting customers who paid for the ability to block ads in both Safari and in apps. The company has not yet decided what to do and is mulling several possible choices, including leaving the app as is, expanding existing functionality into a VPN service, or transitioning to a Safari-only blocker.

Article Link: Apple Cracking Down on VPN-Based Ad Blockers That Work in Third-Party Apps

 

[shareef777]

I've had Adblock since it was first available. It's pretty hit or miss on functionality. I would have to frequently launch the app and re-launch Safari for the blocking to function.

 

[zorinlynx]

Ad blocking using a VPN, and worse, root certificates, sounds like a potential security nightmare waiting to happen, and I can 100% see why Apple would ban them from the store.

With a third party root certificate installed, this app can intercept your banking information or pretty much anything you do online.

 

[Apple_Robert]

Disappointed to see this.

If I am not mistaken, Adguard Pro has a VPN option, that allows ones to block ads in third party apps. I have been using it and really like it. I need to make sure to download the app and others like it, so that I will have access to them.

 

[itsmilo]

Seriously, middle finger emoji

Better stop auto updates so i can keep adguard

 

[ck2875]

Well that sucks. This is such a well-designed app. The ability to switch it on and off from the widget was great. I also appreciated how it didnt show the VPN tag in the upper left when it was turned on.

 

[LoveToMacRumors]

Ohhhh thats why its not working!!!!!

 

[goaliemn]

This is crazy. So many apps have gone overboard with annoying, interpreting ads. I hope some vpn service will start offering reliable ad blocking.

 

[Sasparilla]

There's something rather disturbing / unsettling about this.

>> It's not clear why Apple has changed its policy after so many years, but many apps, including native apps like Apple News, feature ads as a way to monetize. <<

Certainly don't want Apple to prioritizing monetizing their users experiences and start viewing advertisers and media companies as customers (advertisers and media companies). Google, Microsoft, Facebook, Comcast etc. would be waiting to welcome them aboard.

 

[Stridder44]

Ad blocking using a VPN, and worse, root certificates, sounds like a potential security nightmare waiting to happen, and I can 100% see why Apple would ban them from the store.

With a third party root certificate installed, this app can intercept your banking information or pretty much anything you do online.

This right here is exactly why it these apps are being pulled. I'm just surprised it took long before Apple started rejecting them.

 

[fede777]

I got it free a while ago but I deleted it a couple of days ago, because I have just 2 apps with ads, Terminology and Overcast, and it only worked in Terminology.

 

[Apple_Robert]

I wonder if the Private Internet Access app will lose the adblocking feature. It does a good job as well.

 

[Nermal]

I don't use this app so can't speak for how it works, but could you still manually install the certificate yourself? Could the app then use that installed certificate if it's present?

 

[TheFluffyDuck]

If somebody has gone to the effort of installing a VPN to block ads. Maybe just let them do that. It can't be a huge number of users. Penny pinching Apple. Right up there with the 99 cents for 3 month trial.

 

[jarman92]

There's something rather disturbing / unsettling about this.

>> It's not clear why Apple has changed its policy after so many years, but many apps, including native apps like Apple News, feature ads as a way to monetize. <<

Certainly don't want Apple to prioritizing monetizing their users experiences and start viewing advertisers and media companies as customers (advertisers and media companies). Google, Microsoft, Facebook, Comcast etc. would be waiting to welcome them aboard.

I see the concern, but I think the larger issue is with third-party developers. If I make an app for iOS and can't make money because so many people are using AdBlock/Weblock to block ads in my app, I'll stop developing for iOS. Apple needs to take steps to protect the revenue streams of their developers, not necessarily for themselves. Annoying, sure, but nobody pays for apps anymore so...

 

[ck2875]

Also, "Specifically, the app violated section 4.2.1, which says "Apps should use APIs and frameworks for their intended purposes and should indicate that integration in their app description" is such a BS excuse from Apple.

Apple just gave an Apple Design award to Black Box in June, which is a game that makes use of essentially every single API of the phone as a manner of progressing through the puzzles, and I'm pretty sure turning Airplane mode on and adjusting your volume to solve a puzzle isn't using those APIs "for their intended purposes."

Apple literally praised them for using the APIs in novel ways in their Design Award announcement... https://developer.apple.com/design/awards/#blackbox

"Additionally, by using CoreAudio, CoreLocation, Core Telephony, AVCaptureSession, iCloud, and GameCenter in novel ways, this app takes advantage of an enormous range of iOS technologies."

So it really isn't about AdBlockers using the APIs in unexpected ways. It's that they don't want you to block advertisements

 

[OneMike]

Understanding how vpn works. The amount of trust you have to put into the company providing the service, and how bad this can go. I understand why Apple made this decision.

 

[Rigby]

This is crazy. So many apps have gone overboard with annoying, interpreting ads. I hope some vpn service will start offering reliable ad blocking.

This isn't really possible without compromising your security. Apple requires apps to use encrypted network connections for most purposes ("App Transport Security"). In order to block ads in an app, the VPN would have to break the encryption, since otherwise it couldn't recognize and remove the ads. This is why the ad blocker apps mentioned in the article install additional certificates, which basically allow them to run a man-in-the-middle attack. Of course, these methods can just as well be used to sniff the traffic of your banking apps ...

 

[Braderunner]

You gotta be ****ing kidding me!!!

 

[BootsWalking]

Now you know why every major site pesters you to use their dedicated app instead of Safari. It's to defeat Safari's content ad blocking.

 

[filman408]

Maybe related to this?
https://medium.com/@johnnylin/how-to-make-80-000-per-month-on-the-apple-app-store-bdb943862e88

 

[Analog Kid]

I can't keep track of all the ad blocking extensions any more, but is the AdBlock extension for Safari on Mac also VPN based?

 

[Jailbreaking Bad]

As an aggressive adblock user, I ain't worrying, adblocker at router level have got it covered. I'm glad I didn't purchased this app around the time I learned about that my router could block ads for me instead.

 

[saudor]

This was already starting to stop working after iOS 9.3.3 (certain ads were getting through)

 

[koper]

Ad blocking using a VPN, and worse, root certificates, sounds like a potential security nightmare waiting to happen, and I can 100% see why Apple would ban them from the store.

With a third party root certificate installed, this app can intercept your banking information or pretty much anything you do online.

It does not install root certificate. There's even no actual VPN server on the other side. Blocking happens right on the device. Have a look at the app descr.
[doublepost=1500081438][/doublepost]

This isn't really possible without compromising your security. Apple requires apps to use encrypted network connections for most purposes ("App Transport Security"). In order to block ads in an app, the VPN would have to break the encryption, since otherwise it couldn't recognize and remove the ads. This is why the ad blocker apps mentioned in the article install additional certificates, which basically allow them to run a man-in-the-middle attack. Of course, these methods can just as well be used to sniff the traffic of your banking apps ...

Just to clarify - it's not true. Ad blocking happens on the DNS/domain level right on the device. There is no VPN server on the other side of the tunnel, so no sensitive data is sent out. AdBlock doesn't install root certificates.