Apple Removes Over 250 iOS Apps With Ad SDK That Collects Personal User Data

by

SourceDNA, an analytics service that tracks iOS and Android code, has discovered hundreds of iOS apps that collect personally identifiable user information, including Apple ID email addresses and device identifiers, through a Chinese third-party advertising SDK called Youmi that is prohibited by App Store guidelines.

App-Store-About
The analytics firm, using its new developer tool Searchlight, found 256 affected apps, with an estimated 1 million total downloads, using one of the versions of Youmi in violation of user privacy. Its report claims most of the developers who used the SDK are located in China, and that many were likely unaware of the threat since the tool kit is delivered in binary form and obfuscated.

Ars Technica explained in more detail about the information gathered "gradually over the past year or so" by apps using Youmi:

SourceDNA researchers found four major classes of information gathered by apps that use the Youmi ad SDK. They include:

1. A list of all apps installed on the phone
2. The platform serial number of iPhones or iPads themselves when they run older versions of iOS
3. A list of hardware components on devices running newer versions of iOS and the serial numbers of these components, and
4. The e-mail address associated with the user’s Apple ID

The personal info is reportedly gathered via private APIs and then routed through Youmi's servers in China.

Apple released a statement saying it will remove apps with Youmi from the App Store, and reject future submissions using the SDK:

“We’ve identified a group of apps that are using a third-party advertising SDK, developed by Youmi, a mobile advertising provider, that uses private APIs to gather private information, such as user email addresses and device identifiers, and route data to its company server. This is a violation of our security and privacy guidelines. The apps using Youmi’s SDK have been removed from the App Store and any new apps submitted to the App Store using this SDK will be rejected. We are working closely with developers to help them get updated versions of their apps that are safe for customers and in compliance with our guidelines back in the App Store quickly.”

SourceDNA sent a full list of affected apps to Apple, including the official McDonald's app in China, but did not share it publicly. Developers can check if their apps are affected using the analytics firm's Searchlight tool.

This discovery comes weeks after iOS malware XcodeGhost was disclosed, which arose from a malicious version of Xcode, Apple's official tool for developing iOS and OS X apps. Apple also patched YiSpecter malware in iOS 8.4.

Tags: App Store, China, SDK, SourceDNA, Youmi

Popular Stories

iphone 16 display

iPhone 17's Scratch Resistant Anti-Reflective Display Coating Canceled

Monday April 28, 2025 12:48 pm PDT by
Apple may have canceled the super scratch resistant anti-reflective display coating that it planned to use for the iPhone 17 Pro models, according to a source with reliable information that spoke to MacRumors. Last spring, Weibo leaker Instant Digital suggested Apple was working on a new anti-reflective display layer that was more scratch resistant than the Ceramic Shield. We haven't heard...
Read Full Article113 comments
iPhone 17 Air Pastel Feature

iPhone 17 Reaches Key Milestone Ahead of Mass Production

Monday April 28, 2025 8:44 am PDT by
Apple has completed Engineering Validation Testing (EVT) for at least one iPhone 17 model, according to a paywalled preview of an upcoming DigiTimes report. iPhone 17 Air mockup based on rumored design The EVT stage involves Apple testing iPhone 17 prototypes to ensure the hardware works as expected. There are still DVT (Design Validation Test) and PVT (Production Validation Test) stages to...
Read Full Article27 comments
Beyond iPhone 13 Better Blue

20th Anniversary iPhone Likely to Be Made in China Due to 'Extraordinarily Complex' Design

Monday April 28, 2025 4:29 am PDT by
Apple will likely manufacture its 20th anniversary iPhone models in China, despite broader efforts to shift production to India, according to Bloomberg's Mark Gurman. In 2027, Apple is planning a "major shake-up" for the iPhone lineup to mark two decades since the original model launched. Gurman's previous reporting indicates the company will introduce a foldable iPhone alongside a "bold"...
Read Full Article123 comments
iphone 17 air iphone 16 pro

iPhone 17 Air USB-C Port May Have This Unusual Design Quirk

Wednesday April 30, 2025 3:59 am PDT by
Apple is preparing to launch a dramatically thinner iPhone this September, and if recent leaks are anything to go by, the so-called iPhone 17 Air could boast one of the most radical design shifts in recent years. iPhone 17 Air dummy model alongside iPhone 16 Pro (credit: AppleTrack) At just 5.5mm thick (excluding a slightly raised camera bump), the 6.6-inch iPhone 17 Air is expected to become ...
Read Full Article135 comments
apple watch ultra yellow

What's Next for the Apple Watch Ultra 3 and Apple Watch SE 3

Friday April 25, 2025 2:44 pm PDT by
This week marks the 10th anniversary of the Apple Watch, which launched on April 24, 2015. Yesterday, we recapped features rumored for the Apple Watch Series 11, but since 2015, the Apple Watch has also branched out into the Apple Watch Ultra and the Apple Watch SE, so we thought we'd take a look at what's next for those product lines, too. 2025 Apple Watch Ultra 3 Apple didn't update the...
Read Full Article65 comments
iPhone 17 Pro Blue Feature Tighter Crop

iPhone 17 Pro Launching Later This Year With These 13 New Features

Wednesday April 23, 2025 8:31 am PDT by
While the iPhone 17 Pro and iPhone 17 Pro Max are not expected to launch until September, there are already plenty of rumors about the devices. Below, we recap key changes rumored for the iPhone 17 Pro models as of April 2025: Aluminum frame: iPhone 17 Pro models are rumored to have an aluminum frame, whereas the iPhone 15 Pro and iPhone 16 Pro models have a titanium frame, and the iPhone ...
Read Full Article
iPhone 17 Pro on Desk Feature

All iPhone 17 Models Again Rumored to Feature 12GB of RAM

Tuesday April 29, 2025 3:36 am PDT by
All upcoming iPhone 17 models will come equipped with 12GB of RAM to support Apple Intelligence, according to the Weibo-based leaker Digital Chat Station. The claim from the Chinese leaker, who has sources within Apple's supply chain, comes a few days after industry analyst Ming-Chi Kuo said that the iPhone 17 Air, iPhone 17 Pro, and iPhone 17 Pro Max will all be equipped with 12GB of RAM. ...
Read Full Article83 comments
AirPods Pro 3 Mock Feature

AirPods Pro 3 Just Months Away – Here's What We Know

Tuesday April 29, 2025 1:30 am PDT by
Despite being more than two years old, Apple's AirPods Pro 2 still dominate the premium wireless‑earbud space, thanks to a potent mix of top‑tier audio, class‑leading noise cancellation, and Apple's habit of delivering major new features through software updates. With AirPods Pro 3 widely expected to arrive in 2025, prospective buyers now face a familiar dilemma: snap up the proven...
Read Full Article102 comments

Top Rated Comments

jettredmont Avatar
jettredmont
124 months ago
through a Chinese third-party advertising SDK called Youmi ('https://www.youmi.net/')
So, another issue with wide swathes of apps from China. Not to be nationalist over this, but it seems there is a clear disease running through China putting its product on par with former-Soviet countries in terms of general trustability. The fact that this private information is being sent through the Great Firewall of China and not being hindered by that at all seems significant (Chinese developers complain that it is too slow to download Xcode across that firewall, but sending all this data from millions of phones and devices around the world to their servers over the same firewall is business as usual?)

"Something is rotten in the state of Denmark" seems an understatement.

I trust any corporation about as far as I can throw them, but it seems those residing in China give even less of a pause before assuming that anything they can grab is fair game.

When will apps start displaying "Designed and developed in the USA" badges?
Score: 20 Votes (Like | Disagree)
doboy Avatar
doboy
124 months ago
These apps should be banned, but doesn't sound too serious. Google likely collects more data ;)
Score: 17 Votes (Like | Disagree)
asmartkid82 Avatar
asmartkid82
124 months ago
I think the real question is: How many apps (and how long) have been making use of private APIs using similar techniques? How many apps do we have in our devices that have bypassed App Store validation using similar procedures? And I assure you, as a developer, that this is not a difficult thing to do at all…
Score: 13 Votes (Like | Disagree)
Benjamin Frost Avatar
Benjamin Frost
124 months ago
Good to see apps taking personal data being removed.

Presumably FaceBook and Google will be next on the list.
Score: 11 Votes (Like | Disagree)
Rigby Avatar
Rigby
124 months ago
How did these get approved in the first place? It seems something like this should be pretty easy to detect by Apple.
It isn't. In Objective C it's possible to construct API calls at runtime, so there's no easy way to discover them using static code analysis. And you can implement various methods to try and avoid making the calls while the app is in the review process.
Score: 7 Votes (Like | Disagree)
2457282 Avatar
2457282
124 months ago
Why does Apple allow these private APIs to begin with? Is it not something they can disable to avoid this problem in the future? I mean the reality is that you do not need the SDK to leverage the APIs. If you are an app developer you could write code to leverage them directly. How is Apple monitoring for this?
Score: 7 Votes (Like | Disagree)
Read All Comments