Nick Statt, writing for The Verge:
Apple today removed more than 250 apps from its App Store that were using software from a Chinese advertising company that secretly accessed and stored users’ personal information. The firm, called Youmi, provided app makers with a software development kit that would glean which apps a user had downloaded, that user’s email address, and the serial number of their smartphone, according to mobile security company SourceDNA. The apps in total received 1 million downloads.
The app makers that relied on Youmi’s SDK, most of which are based in China, may not have knowingly violated Apple’s security and privacy guidelines. “We believe the developers of these apps aren’t aware of this since the SDK is delivered in binary form, obfuscated, and user info is uploaded to Youmi’s server, not the app’s. We recommend developers stop using this SDK until this code is removed,” reads SourceDNA’s blog post.