Zombie iOS APIs used to slurp private data

Up to a million iOS users' Apple IDs and device serial numbers were harvested by a software development kit (SDK) that accessed so-called “private APIs”. The information harvested by the Youmi advertising SDK from China was then sent back to Youmi servers, according to SourceDNA. Private APIs are hooks that exist in iOS, but …

  1. Mark 85

    Well, China's government may not be slurping but their software people have learned well from the US. Given what they pulled off, they may have just hit the big time with the likes of Google and MS.

  2. Voland's right hand Silver badge

    Let's put this into perspective

    So, we are supposed to listen to advertisers in general on how the world ends when they stop having access in any way they wish to our private data. Right?

    1. Pascal Monett Silver badge

      I wouldn't know

      I never listen to advertisers anyway.

  3. Pascal Monett Silver badge

    Well done, Apple

    One API the Youmi developers couldn't get past is Apple's block on reading a device's serial number, so to create a unique identifier for the data they were gathering, the SDK slurped numbers from peripherals like the battery system and used those as the index.

    So, you lock down reading the phone's serial number, but you solder in batteries with a unique ID and leave that available.

    Brilliant reasoning there. Way to apply the logic all the way to the end. And what a wonderful example of actually checking the stuff you say you check. This absolutely cannot be proof that you use your rules arbitrarily to shut down apps that bother you rather than checking all apps thoroughly and binning all that do not adhere to the rules.

    Nope. No lax security here. Oh wait . .

    1. Anonymous Coward

      Re: Well done, Apple

      They may not do a perfect job of it, but at least they have a policy in place that disallows collection of personally identifiable data and they fix it when they find out someone has found a way around it.

      Meanwhile with Android it is Google itself that is the biggest offender as far as collecting your personal data and doing everything they can to link it to all the other data they collect on you from other sources. So obviously they not only don't care about apps doing stuff like this they make the APIs that allow gathering this info first class so everyone can share in the data grab on the poor Android users.

      1. Dan 55 Silver badge

        Re: Well done, Apple

        I was going to say, a couple of permissions and Android puts those four items of data listed in the article on a plate for whoever wants it.

      2. TeeCee Gold badge

        Re: Well done, Apple

        ....and they fix it when they find out someone has found a way around it.

        Also known as "shutting the stable door after the horse has bolted", a saying generally used to indicate how shit you are at thinking ahead.

        1. chr0m4t1c

          Re: Well done, Apple

          Yeah, those idiots, not thinking of every possible scenario that could lead to a breach and securing against it.

          Unlike......er.......um......

          Hang on, I'll get back to you.

        2. Anonymous Coward

          How is it "shutting the stable door after the horse has bolted"?

          Once they fix iOS and these apps could no longer get that info, they lose that link between app user and device (via the battery ID) and Apple ID. At that point you're just another app user, and they can't tell you apart from anyone else.

          It isn't like once they got that information they had a permanent link to you. It only lasted as long as they could keep using those private APIs.

  4. Someone Else Silver badge

    Not even a slap on the wrist, Apple?

    “We are working closely with developers to help them get updated versions of their apps that are safe for customers and in compliance with our guidelines back in the App Store quickly”, Cupertino said.

    Why?

    Given the size of the ramrod Apple tends to have up its collective ass/arse about its vaunted Walled Garden App Store, one would think that Apple would / should go all Soup Nazi on them..."No Apps for you, Youmi, one year!"

    1. Dan 55 Silver badge

      Re: Not even a slap on the wrist, Apple?

      It's an advertising library, included in other developers' apps. It's not really the other developers' fault, apart from not checking out the libraries they include enough.
