Well, China's government may not be slurping but their software people have learned well from the US. Given what they pulled off, they may have just hit the big time with the likes of Google and MS.
Zombie iOS APIs used to slurp private data
Up to a million iOS users' Apple IDs and device serial numbers were harvested by a software development kit (SDK) that accessed so-called “private APIs”. The information harvested by the Youmi advertising SDK from China was then sent back to Youmi servers, according to SourceDNA. Private APIs are hooks that exist in iOS, but …
COMMENTS
-
Tuesday 20th October 2015 07:13 GMT Pascal Monett
Well done, Apple
One API the Youmi developers couldn't get past is Apple's block on reading a device's serial number, so to create a unique identifier for the data they were gathering, the SDK slurped numbers from peripherals like the battery system and used those as the index.
So, you lock down reading the phone's serial number, but you solder in batteries with a unique ID and leave that available.
Brilliant reasoning there. Way to apply the logic all the way to the end. And what a wonderful example of actually checking the stuff you say you check. This absolutely cannot be proof that you use your rules arbitrarily to shut down apps that bother you rather than checking all apps thoroughly and binning all that do not adhere to the rules.
Nope. No lax security here. Oh wait . .
-
Tuesday 20th October 2015 08:11 GMT Anonymous Coward
Re: Well done, Apple
They may not do a perfect job of it, but at least they have a policy in place that disallows collection of personally identifiable data and they fix it when they find out someone has found a way around it.
Meanwhile with Android it is Google itself that is the biggest offender as far as collecting your personal data and doing everything they can to link it to all the other data they collect on you from other sources. So obviously they not only don't care about apps doing stuff like this, they make the APIs that allow gathering this info first class so everyone can share in the data grab on the poor Android users.
-
Tuesday 20th October 2015 22:24 GMT Anonymous Coward
How is it "shutting the stable door after the horse has bolted"
Once they fix iOS and these apps could no longer get that info, they lose that link between app user and device (via the battery ID) and Apple ID. At that point you're just another app user, and they can't tell you apart from anyone else.
It isn't like once they got that information they had a permanent link to you. It only lasted as long as they could keep using those private APIs.
-
Tuesday 20th October 2015 22:20 GMT Someone Else
Not even a slap on the wrist, Apple?
“We are working closely with developers to help them get updated versions of their apps that are safe for customers and in compliance with our guidelines back in the App Store quickly”, Cupertino said.
Why?
Given the size of the ramrod Apple tends to have up its collective ass/arse about its vaunted Walled Garden App Store, one would think that Apple would / should go all Soup Nazi on them... "No Apps for you, Youmi, one year!"