Apple Removes Some Ad Blockers From App Store for Installing Root Certificates

Thursday October 8, 2015 9:10 PM PDT by Husain Sumra
appstoreApple tonight removed some ad blockers, among other apps, from the App Store for installing root certificates that would allow developers to view encrypted traffic from their users, reports iMore. In a statement provided to the publication, Apple said it was working with developers to get the apps back into the App Store.
Apple is deeply committed to protecting customer privacy and security. We’ve removed a few apps from the App Store that install root certificates which enable the monitoring of customer network data that can in turn be used to compromise SSL/TLS security solutions. We are working closely with these developers to quickly get their apps back on the App Store, while ensuring customer privacy and security is not at risk.
With iOS 9, Apple allowed developers to create content blockers that would block ads on websites in Safari. Some ad blockers were removed because they could use the installed root certificates to view customer data passing through them. However, iMore notes that the ad blockers removed from the App Store are slightly different than the content blockers Apple enabled with iOS 9.

The ad blockers removed from the App Store block ads and other content inside apps by "exposing all your private Internet traffic to the blocker," according to iMore. The apps are set up in a way that allows a user's traffic to flow through the developer's servers to perform the content blocking. One of the apps that has been removed is Been Choice, who notes that they will resubmit their app tomorrow with the necessary changes.

While Apple has enabled developers to create content blockers for Safari, it currently has no systems in place to allow developers to block content within apps.

60 comments


Top Rated Comments

(View all)
Avatar
btrach144
52 months ago
Where is the list of removed apps???
Rating: 6 Votes
Avatar
8012R3
52 months ago
Apple should not be allowing these developers back in to the App Store.
Rating: 6 Votes
Avatar
mw360
52 months ago

Can we have a review with recommendations for safe ad blockers in iOS. The changes in iOS 9 have left very muddied waters, let alone with apps being launched and then pulled by the developer or Apple.

Mess. Mess. Mess.


This isn't the mess it appears to be.

iOS9 introduced ways to block ads which didn't compromise privacy. The old ad blockers which used insecure methods have been now been pulled and/or updated. End of story.

Oh, one developer pulled his safe ad blocker because he felt bad about it.
Rating: 5 Votes
Avatar
MacHiavelli
52 months ago
Can we have a review with recommendations for safe ad blockers in iOS. The changes in iOS 9 have left very muddied waters, let alone with apps being launched and then pulled by the developer or Apple.

Mess. Mess. Mess.
Rating: 5 Votes
Avatar
Rigby
52 months ago
What happened is that some of the adblockers installed their own root certificate, so they could perform what resembles a man-in-the-middle attack on user's SSL-encrypted traffic. Installing a root certificate enables the proxy at the remote end of the VPN to replace the original encryption keys offered by an HTTPS web site with their own, without the user having any way of detecting this. After replacing the keys, they can see all the user's SSL-encrypted traffic (potentially including things like passwords entered in banking apps etc.).

Even if we assume this was well-intentioned (i.e. the adblocker dev only wanted to make sure that adblocking works on encrypted sites/apps too), this is a very dubious proposition, as most non-technical people won't expect this. At the very least the blocker needs to make it very clear to the user that their end-to-end encryption is being broken.

It's worth repeating that this issue does *not* affect bockers that use the new iOS 9 content blocker mechanism, such as the ones listed in the first post in this thread:

https://forums.macrumors.com/threads/the-ios-9-content-blocker-thread.1916783/
Rating: 4 Votes
Avatar
0815
52 months ago

i need something to block Iads.


I only dont like bad intrusive ads that are in your face, like the admob/ Google garbage that is forced full screen with auto play videos in your face after every short game play. iAd on the other hand just sits there without annoying me and allows me to get free apps - I even click on them in support of very good games.
Rating: 4 Votes
Avatar
iKen1
52 months ago

That's wonderful. Good for you, supporting them. But I still want a way to block ads.

Pay for your software?
Rating: 3 Votes
Avatar
Parasprite
52 months ago

Don't all VPN apps technically allow the company to see all of your traffic?

If the traffic is encrypted and the VPN doesn't have the means to decrypt it (your private key), then no. Yes, they would be able to see the source and destination, but not the message itself.
Rating: 3 Votes
Avatar
ke-iron
52 months ago
Apple is too nice to be true. They are actually going to work with the developers of the violating apps to try and bring the app back to the store as soon as possible?

They knew their apps violated the App Store agreements when they submitted it. No way you could be a developer and not know your app would install forbidden certs on the user phone.

Apple should suspend these devs accounts for blatant failure to comply with App Store rules.
Rating: 2 Votes
Avatar
mw360
52 months ago

Does this mean content blockers actually increase data traffic on iOS?


This is in reference to old ad blockers which used their own tricks to block ads, including rerouting unencrypted traffic through filtering servers (I believe this was openly known to happen - not nefarious). It's not about the new iOS9 apps which use a secure API provided by Apple.
Rating: 2 Votes
[ Read All Comments ]