Become a MacRumors Supporter for $25/year with no ads, private forums, and more!

MacRumors

macrumors bot
Original poster
Apr 12, 2001
56,619
19,368



It appears Apple may be cracking down on some VPN-based ad blockers that are designed to block ads in third-party apps, based on a recent interaction iOS developer Tomasz Koperski had with Apple's App Store review team.

Koperski is the CTO of Future Mind, a software company that produces AdBlock, Weblock, and Admosphere, three ad blocking apps. When submitting an update for AdBlock for iOS, a VPN-based ad blocking app, it was rejected.

adblockforios-800x470.jpg

Upon appeal to the App Review Board, Koperski was told Apple is no longer allowing VPN/root certificate-based ad blockers on the App Store and will not be accepting updates of existing ad blockers that use those techniques going forward. According to Apple, Future Mind's AdBlock app violates section 4.2 of the App Store Review Guidelines, which dictates that apps must be useful, unique, and "app-like."

Specifically, the app violated section 4.2.1, which says "Apps should use APIs and frameworks for their intended purposes and should indicate that integration in their app description," and to get even more specific, Future Mind was told the update was rejected because "Your app uses a VPN profile or root certificate to block ads or other content in a third-party app, which is not allowed on the App Store."

Koperski was told that Safari content blockers, introduced in iOS 9, will be the only Apple-supported ad blockers going forward, and those ad blockers are limited to use in the Safari web browser.
After submitting an appeal to the App Review Board, a member of the Review Team contacted me directly via phone and informed that Apple has officially changed their policy regarding VPN/root certificate based ad blockers on the App Store and is no longer accepting updates of apps, which directly block content in third party apps. The only officially allowed ad blocking method is now Safari Content Blockers.
Koperski says that the change marks a major shift in Apple's ad blocking policy, as Future Mind has had its ad blocking products in the App Store for the past five years. AdBlock, the app that Apple rejected, has been available for purchase since 2014, and it was one of the first VPN-based ad blockers able to block ads in all apps locally on both Wi-Fi and Cellular.

There are dozens of similar ad blocking apps available in the App Store at the current time, some that were updated as recently as June. It's not clear why Apple has changed its policy after so many years, but many apps, including native apps like Apple News, feature ads as a way to monetize.

Apple has recently undertaken a major overhaul of the App Store, eliminating clone apps, outdated apps, and more, so it's possible this new crackdown is a part of that effort. Since late 2015, Apple marketing chief Phil Schiller has been overseeing the App Store and has enacted some significant changes.

Future Mind was told the AdBlock app could be updated if it switches from ad blocking via VPN to the Safari Content Blocker, but the company is worried about upsetting customers who paid for the ability to block ads in both Safari and in apps. The company has not yet decided what to do and is mulling several possible choices, including leaving the app as is, expanding existing functionality into a VPN service, or transitioning to a Safari-only blocker.

Article Link: Apple Cracking Down on VPN-Based Ad Blockers That Work in Third-Party Apps
 

shareef777

Suspended
Jul 26, 2005
2,445
3,276
Chicago, IL
I've had Adblock since it was first available. It's pretty hit or miss on functionality. I would have to frequently launch the app and re-launch Safari for the blocking to function.
 
  • Like
Reactions: lostczech

zorinlynx

macrumors 604
May 31, 2007
7,203
13,803
Florida, USA
Ad blocking using a VPN, and worse, root certificates, sounds like a potential security nightmare waiting to happen, and I can 100% see why Apple would ban them from the store.

With a third party root certificate installed, this app can intercept your banking information or pretty much anything you do online.
 

Sasparilla

macrumors 68000
Jul 6, 2012
1,705
2,896
There's something rather disturbing / unsettling about this.

>> It's not clear why Apple has changed its policy after so many years, but many apps, including native apps like Apple News, feature ads as a way to monetize. <<

Certainly don't want Apple to prioritizing monetizing their users experiences and start viewing advertisers and media companies as customers (advertisers and media companies). Google, Microsoft, Facebook, Comcast etc. would be waiting to welcome them aboard.
 

Stridder44

macrumors 68040
Mar 24, 2003
3,971
171
California
Ad blocking using a VPN, and worse, root certificates, sounds like a potential security nightmare waiting to happen, and I can 100% see why Apple would ban them from the store.

With a third party root certificate installed, this app can intercept your banking information or pretty much anything you do online.

This right here is exactly why it these apps are being pulled. I'm just surprised it took long before Apple started rejecting them.
 

fede777

macrumors member
May 10, 2017
47
173
I got it free a while ago but I deleted it a couple of days ago, because I have just 2 apps with ads, Terminology and Overcast, and it only worked in Terminology.
 
  • Like
Reactions: sd70mac

Nermal

Moderator
Staff member
Dec 7, 2002
19,477
2,086
New Zealand
I don't use this app so can't speak for how it works, but could you still manually install the certificate yourself? Could the app then use that installed certificate if it's present?
 
  • Like
Reactions: quadt89

jarman92

macrumors 65816
Nov 13, 2014
1,023
2,987
There's something rather disturbing / unsettling about this.

>> It's not clear why Apple has changed its policy after so many years, but many apps, including native apps like Apple News, feature ads as a way to monetize. <<

Certainly don't want Apple to prioritizing monetizing their users experiences and start viewing advertisers and media companies as customers (advertisers and media companies). Google, Microsoft, Facebook, Comcast etc. would be waiting to welcome them aboard.

I see the concern, but I think the larger issue is with third-party developers. If I make an app for iOS and can't make money because so many people are using AdBlock/Weblock to block ads in my app, I'll stop developing for iOS. Apple needs to take steps to protect the revenue streams of their developers, not necessarily for themselves. Annoying, sure, but nobody pays for apps anymore so...
 

ck2875

macrumors 65816
Mar 25, 2009
1,019
2,857
Brighton
Also, "Specifically, the app violated section 4.2.1, which says "Apps should use APIs and frameworks for their intended purposes and should indicate that integration in their app description" is such a BS excuse from Apple.

Apple just gave an Apple Design award to Black Box in June, which is a game that makes use of essentially every single API of the phone as a manner of progressing through the puzzles, and I'm pretty sure turning Airplane mode on and adjusting your volume to solve a puzzle isn't using those APIs "for their intended purposes."

Apple literally praised them for using the APIs in novel ways in their Design Award announcement... https://developer.apple.com/design/awards/#blackbox

"Additionally, by using CoreAudio, CoreLocation, Core Telephony, AVCaptureSession, iCloud, and GameCenter in novel ways, this app takes advantage of an enormous range of iOS technologies."

So it really isn't about AdBlockers using the APIs in unexpected ways. It's that they don't want you to block advertisements
 

Rigby

macrumors 603
Aug 5, 2008
6,026
9,894
San Jose, CA
This is crazy. So many apps have gone overboard with annoying, interpreting ads. I hope some vpn service will start offering reliable ad blocking.
This isn't really possible without compromising your security. Apple requires apps to use encrypted network connections for most purposes ("App Transport Security"). In order to block ads in an app, the VPN would have to break the encryption, since otherwise it couldn't recognize and remove the ads. This is why the ad blocker apps mentioned in the article install additional certificates, which basically allow them to run a man-in-the-middle attack. Of course, these methods can just as well be used to sniff the traffic of your banking apps ...
 

Analog Kid

macrumors 604
Mar 4, 2003
6,801
6,626
I can't keep track of all the ad blocking extensions any more, but is the AdBlock extension for Safari on Mac also VPN based?
 

Jailbreaking Bad

macrumors newbie
Jul 14, 2017
9
3
As an aggressive adblock user, I ain't worrying, adblocker at router level have got it covered. I'm glad I didn't purchased this app around the time I learned about that my router could block ads for me instead.
 
  • Like
Reactions: max2

saudor

macrumors 65816
Jul 18, 2011
1,202
1,350
This was already starting to stop working after iOS 9.3.3 (certain ads were getting through)
 

koper

macrumors newbie
Nov 30, 2012
4
13
Ad blocking using a VPN, and worse, root certificates, sounds like a potential security nightmare waiting to happen, and I can 100% see why Apple would ban them from the store.

With a third party root certificate installed, this app can intercept your banking information or pretty much anything you do online.

It does not install root certificate. There's even no actual VPN server on the other side. Blocking happens right on the device. Have a look at the app descr.
[doublepost=1500081438][/doublepost]
This isn't really possible without compromising your security. Apple requires apps to use encrypted network connections for most purposes ("App Transport Security"). In order to block ads in an app, the VPN would have to break the encryption, since otherwise it couldn't recognize and remove the ads. This is why the ad blocker apps mentioned in the article install additional certificates, which basically allow them to run a man-in-the-middle attack. Of course, these methods can just as well be used to sniff the traffic of your banking apps ...

Just to clarify - it's not true. Ad blocking happens on the DNS/domain level right on the device. There is no VPN server on the other side of the tunnel, so no sensitive data is sent out. AdBlock doesn't install root certificates.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.