Exactly. Almost everyone mistakenly thinks that Apple can safely vet apps for malware. But malware can easily set a timer to only enable itself after App Store testing is over with.

This is why the best safety comes when third party groups constantly monitor apps for malware after they're released to an app store.

No, Apple themselves need to address this post-approval malware. They are in the best position to detect and address apps with dodgy code but they need to step up their game. Based on popularity, apps should be given a live check to see if their profile is significantly different from the one at approval time.

3rd party security services will always be useful, but Apple themselves should be doing a better job catching malware in the first place.
 
One of the downfalls of the video game industry was the lack of quality control during the '80s and the mass production of absolute crap that made it onto shelves.

The app store was amazing but now I rarely look through it. It is an endless sea of crap and has been this way for the past few years. It wouldn't be as bad if Apple implemented a more functional and advanced search feature, but they have not yet up to this point. Since they are so controlling of their environment, why do they not implement a quality control such as what Nintendo did with the NES and their "seal of quality" that companies had on their games to show they were properly licensed and checked by Nintendo?

Both the App Store and the iTunes Store are in dire need of a UI overhaul.

Proper categorisation is needed with multiple filters. And in the UK, the lag that befalls both of them needs to be eliminated.
 
Why does Apple allow these private APIs to begin with? Is it not something they can disable to avoid this problem in the future? I mean the reality is that you do not need the SDK to leverage the APIs. If you are an app developer you could write code to leverage them directly. How is Apple monitoring for this?
That's due to the nature of Objective-C. In Objective-C, there aren't any real private APIs. They might be hidden, but you can always access them if you know how to. It's also not that difficult to fool the automatic app review process with method calls generated at runtime, which is exactly what they did here.

And why does Apple do this then? It's either because they need to use it themselves but for security and privacy reasons don't allow developers to use them (this case), or to test out new features before releasing them to developers (for example, with the new 3D Touch on the iPhone 6s, developers have access to a property called force, but there is actually another private API called pressure, which they might make public at some point).
 
More details in the article about the apps or something would be useful.
 
I am getting so tired of this. I'm going to do something concrete about this.

I'm going to cut out the middleman and sign up with a Chinese ISP so that all my data can go directly to the Chinese. :eek:

You will probably make it harder for them if you moved to a Chinese ISP ;)
 
So where is a list of the apps?

Absolutely no use for users to know the problem exists but not be told what to look for.
Exactly.

Apple, I'm all ears.
 
Look on the bright side. They have collected so much personal data from so many people that it would have to take years to sort through. Your chances of having something bad happen are probably little to none.

This amount of data is not sorted through by actual human beings. There are devices called computers that help to sort this through much faster. ;)
 
It isn't. In Objective-C it's possible to construct API calls at runtime, so there's no easy way to discover them using static code analysis. And you can implement various methods to try and avoid making the calls while the app is in the review process.

They could contact VW for some tips on how to avoid detection.
 
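The two posts above (the one on Objective-C having no real private APIs, and this one on building calls at runtime and staying quiet during review) describe a cat-and-mouse game that is easier to see in code. The following is an added example written for this page; it is not code from the thread, from Apple, or from any SDK vendor. Everything in it is constructed: the "binaries" are hand-built byte blobs standing in for a Mach-O string section, `uniqueIdentifier` is used as the stand-in for a disallowed UIDevice method, `_deviceSerialNumber` is a made-up selector name, and the deny-list and XOR key are assumptions, not anything App Review is known to use.

```python
"""
Added example, not from this thread and not from Apple or any SDK vendor.

It models what the thread describes: a review check that looks for
private selector names as literal strings in the binary is defeated by
building the selector at runtime, and a timer defeats even a runtime
check that only runs during the review window.

Everything is constructed: the "binaries" are hand-built byte blobs
standing in for a Mach-O string section, `uniqueIdentifier` is the
stand-in for a disallowed UIDevice method, and `_deviceSerialNumber`
is a made-up selector name.
"""
import codecs
import re
from typing import Callable, Dict, Set

# Hypothetical deny-list standing in for whatever App Review actually checks.
PRIVATE_SELECTORS: Set[str] = {"uniqueIdentifier", "_deviceSerialNumber"}
XOR_KEY = 0x5A  # constructed obfuscation key used by the "xor" and "sleeper" apps


def xor_bytes(data: bytes) -> bytes:
    return bytes(b ^ XOR_KEY for b in data)


def build_binary(selector_material: bytes) -> bytes:
    """Constructed stand-in for __TEXT,__cstring: benign NUL-terminated
    strings with the selector material (plain or encoded) mixed in."""
    parts = [b"viewDidLoad", b"https://ads.example.invalid/v1",
             selector_material, b"setTitle:"]
    return b"\0".join(parts) + b"\0"


OBF_SERIAL = xor_bytes(b"_deviceSerialNumber")

# Four constructed apps. `resolve(day)` models the NSSelectorFromString()
# call the app makes at runtime on the given day after submission; it
# returns the selector name actually resolved, or None if it stays quiet.
APPS: Dict[str, Dict] = {
    # Literal selector in the binary: the easy case.
    "direct":   {"blob": build_binary(b"uniqueIdentifier"),
                 "resolve": lambda day: "uniqueIdentifier"},
    # Stored reversed, un-reversed just before the call.
    "reversed": {"blob": build_binary(b"reifitnedIeuqinu"),
                 "resolve": lambda day: "reifitnedIeuqinu"[::-1]},
    # Stored XOR-encoded: not even a printable string in the binary.
    "xor":      {"blob": build_binary(OBF_SERIAL),
                 "resolve": lambda day: xor_bytes(OBF_SERIAL).decode()},
    # Same encoding, but the call only happens 30 days after submission.
    "sleeper":  {"blob": build_binary(OBF_SERIAL),
                 "resolve": lambda day: (xor_bytes(OBF_SERIAL).decode()
                                         if day >= 30 else None)},
}


def extract_strings(blob: bytes, min_len: int = 4):
    """Mimic `strings`: runs of printable ASCII of at least min_len bytes."""
    return [m.group().decode("ascii")
            for m in re.finditer(rb"[ -~]{%d,}" % min_len, blob)]


def naive_scan(blob: bytes) -> Set[str]:
    """Literal-only static check: exact deny-list hits among the strings."""
    return {s for s in extract_strings(blob) if s in PRIVATE_SELECTORS}


# Cheap, key-less encodings worth undoing statically.
TRANSFORMS: Dict[str, Callable[[str], str]] = {
    "identity": lambda s: s,
    "reverse":  lambda s: s[::-1],
    "rot13":    lambda s: codecs.decode(s, "rot13"),
}


def transform_aware_scan(blob: bytes) -> Set[str]:
    """Static check that also tries each transform on every string."""
    hits: Set[str] = set()
    for s in extract_strings(blob):
        for t in TRANSFORMS.values():
            if t(s) in PRIVATE_SELECTORS:
                hits.add(t(s))
    return hits


def hooked_run(app: Dict, day: int) -> Set[str]:
    """Dynamic check: with NSSelectorFromString / objc_msgSend hooked, the
    selector is seen in the clear however it was stored, but only if the
    app actually makes the call while the hook is watching."""
    sel = app["resolve"](day)
    return {sel} & PRIVATE_SELECTORS if sel else set()


def report(review_day: int = 3, field_day: int = 45) -> Dict[str, Dict[str, Set[str]]]:
    """Which check catches which app. Keys: naive, smarter, runtime_review
    (hook active during review) and runtime_field (hook active post-release)."""
    return {name: {"naive": naive_scan(app["blob"]),
                   "smarter": transform_aware_scan(app["blob"]),
                   "runtime_review": hooked_run(app, review_day),
                   "runtime_field": hooked_run(app, field_day)}
            for name, app in APPS.items()}


if __name__ == "__main__":
    for name, checks in report().items():
        print(name, {k: sorted(v) for k, v in checks.items()})
```

The reversed case is the kind of thing a slightly smarter static scan still recovers; the XOR case needs the key, which means following the decoding code rather than grepping strings; and the sleeper shows why a runtime hook that only watches during review is not enough either, which is the thread's post-approval monitoring point. Real SDKs can of course use stronger encodings than these, so the transform list is a floor, not a solution.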
There needs to be a version of Little Snitch for iOS. Or if they are testing these apps in the simulator a copy of Little Snitch on that machine should be able to point out exactly what's going on. The list of things we find out Apple doesn't check gets longer.
I'm sure they are monitoring network activity while testing the apps. Unfortunately it's not that easy to separate malicious from legitimate traffic unless you already know what to look for.

There are many ways to obfuscate surreptitious activities, and Apple cannot possibly do an in-depth analysis of every single app given the huge number of submissions.
 
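The point just made (you cannot separate malicious from legitimate traffic unless you know what to look for) and the earlier suggestion of a live check against the approval-time profile fit together: the review-time traffic is the thing you know, so compare against that. Below is an added example sketching that comparison; it is not from the thread and not anything Apple is known to run. The egress log is constructed (key=value lines, hosts under the reserved `.invalid` TLD, bundle IDs under `com.example`), and the day windows and byte-share threshold are assumptions.

```python
"""
Added example: behavioural drift between an app's network profile at
review time and its profile in the field. Not from the thread and not
Apple's tooling; the log, app names, hosts and thresholds are constructed.
"""
import re
from collections import defaultdict
from typing import Dict, List

# Constructed egress log (one line per flow). Hosts use the reserved
# .invalid TLD so nothing here resolves. Days count from submission;
# the review window is the first week, the "field" window starts day 30.
EGRESS_LOG = """\
day=1 app=com.example.weather host=api.weather.example.invalid bytes=1200
day=2 app=com.example.weather host=api.weather.example.invalid bytes=1100
day=1 app=com.example.flashlight host=ads.sdk.example.invalid bytes=800
day=3 app=com.example.flashlight host=ads.sdk.example.invalid bytes=750
day=40 app=com.example.weather host=api.weather.example.invalid bytes=1300
day=41 app=com.example.weather host=cdn.weather.example.invalid bytes=200
day=40 app=com.example.flashlight host=ads.sdk.example.invalid bytes=700
day=40 app=com.example.flashlight host=telemetry.sdk.example.invalid bytes=9000
day=42 app=com.example.flashlight host=telemetry.sdk.example.invalid bytes=12000
"""

LINE_RE = re.compile(r"day=(\d+) app=(\S+) host=(\S+) bytes=(\d+)")


def parse(log: str) -> List[dict]:
    """Parse the constructed log; malformed or blank lines are skipped
    rather than aborting the whole run."""
    out = []
    for line in log.splitlines():
        m = LINE_RE.fullmatch(line.strip())
        if not m:
            continue
        day, app, host, nbytes = m.groups()
        out.append({"day": int(day), "app": app, "host": host, "bytes": int(nbytes)})
    return out


def profile(records: List[dict], app: str, day_from: int, day_to: int) -> Dict[str, int]:
    """Bytes sent per destination host by one app in an inclusive day window."""
    p: Dict[str, int] = defaultdict(int)
    for r in records:
        if r["app"] == app and day_from <= r["day"] <= day_to:
            p[r["host"]] += r["bytes"]
    return dict(p)


def drift(review: Dict[str, int], field: Dict[str, int]) -> dict:
    """Hosts never seen at review time, and how much of the field
    traffic they carry. Share of bytes, not host count, is the signal:
    adding a CDN is normal, shipping most of your bytes somewhere new is not."""
    new_hosts = sorted(set(field) - set(review))
    total = sum(field.values()) or 1
    new_share = sum(field[h] for h in new_hosts) / total
    return {"new_hosts": new_hosts, "new_bytes_share": round(new_share, 3)}


def flag_apps(log: str, review_end: int = 7, field_start: int = 30,
              field_end: int = 60, share_threshold: float = 0.25) -> Dict[str, dict]:
    """Per app: drift summary plus a flag when new hosts carry at least
    share_threshold of the field traffic. Thresholds are assumptions."""
    recs = parse(log)
    result = {}
    for app in sorted({r["app"] for r in recs}):
        d = drift(profile(recs, app, 0, review_end),
                  profile(recs, app, field_start, field_end))
        d["flagged"] = d["new_bytes_share"] >= share_threshold
        result[app] = d
    return result


if __name__ == "__main__":
    for app, summary in flag_apps(EGRESS_LOG).items():
        print(app, summary)
```

In the constructed data the flashlight app talks only to its ad host during review and then starts pushing most of its bytes to a host that never appeared at review time, so it is flagged; the weather app picks up a CDN that carries a small share of its traffic and is not. The approach depends on having kept the review-time profile, and it says nothing about what is in the traffic, only that the shape changed; a host that was already contacted during review but carries new payloads would need content inspection, not this.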
Apple should start banning these developers and their apps permanently. They need to have a zero tolerance policy for this stuff. Same goes for the XcodeGhost developers.
I don't think the individual app developers intended for this to happen - they were looking to monetize their apps with a 3rd party Ad API - and that 3rd party API was malicious. Banning the individual app developers would be overkill, so would banning all 3rd party APIs (remember when this happened with Flurry Analytics, Steve talked about it in 2010 at All Things D).
 
One of the downfalls of the video game industry was the lack of quality control during the '80s and the mass production of absolute crap that made it onto shelves.

The app store was amazing but now I rarely look through it. It is an endless sea of crap and has been this way for the past few years. It wouldn't be as bad if Apple implemented a more functional and advanced search feature, but they have not yet up to this point. Since they are so controlling of their environment, why do they not implement a quality control such as what Nintendo did with the NES and their "seal of quality" that companies had on their games to show they were properly licensed and checked by Nintendo?

Same here. Who's got time to look through hundreds of thousands of apps?
When you then do a specific search to see if an app would solve your issues, you get 4 and 5 star reviews which sometimes seem written by the people who made the app or their friends.
Then there is a "lite" version, a standard and a professional version.

While "There is an app for that" is preferred by younger people, old farts like me can still do stuff just with our brains.
 
Very stupid that they aren't publishing the list of apps. Apple removing them from the store does nothing to protect those of us who might already have the apps on our phones.

You could just go to the app store on your iPhone or iPad, go to purchased and click on update all and see what happens. If your app is no longer there delete it.

Just an idea.
 
That's exactly the belief those that collect large swaths of data about you want you to have...

Reminds me of what the developers of "King Root" (a Chinese rooting tool for Android which calls back to Chinese servers) always say, which is something along the lines of:

"We don't collect IMEI numbers, that would require massive bandwidth and servers as large as Google's because of how many millions of people use our root app." Those are, what, 16 digits? So if you had a million IMEIs that would be about 16 MB in terms of C strings (char[]).

I'm fairly certain that having too much stolen data isn't a hindrance for the people who want it.
 
So, another issue with wide swathes of apps from China. Not to be nationalist over this, but it seems there is a clear disease running through China putting its product on par with former-Soviet countries in terms of general trustability. The fact that this private information is being sent through the Great Firewall of China and not being hindered by that at all seems significant (Chinese developers complain that it is too slow to download Xcode across that firewall, but sending all this data from millions of phones and devices around the world to their servers over the same firewall is business as usual?)

"Something is rotten in the state of Denmark" seems an understatement.

I trust any corporation about as far as I can throw them, but it seems those residing in China give even less of a pause before assuming that anything they can grab is fair game.

When will apps start displaying "Designed and developed in the USA" badges?

You'd have to be naive to think that there aren't rogue developers here too. Although point taken that sometimes it seems like everything under the sun that could be counterfeit or somehow illegitimate has some origin in China these days.
 
I think the real question is: How many apps (and how long) have been making use of private APIs using similar techniques? How many apps do we have in our devices that have bypassed App Store validation using similar procedures? And I assure you, as a developer, that this is not a difficult thing to do at all…

I bet Apple is covering their butt in advance, they haven't become a target of a major hack just because I do not know why. But it is a matter of time. Let's start by fixing the apps, they may say.
 