Wrong SDK for iOS App Development = Rejection From The App Store

0
Shares
Wrong SDK for iOS App Development = Rejection From The App Store
Rate this post

privacy_please

Yes a simple wrong decision of choosing the wrong SDK for your iOS app development, can throw your app out of the App Store. Recently, 256 apps have been rejected by App Store, making it a big concern for the app developers and the app makers, along with Apple itself.

This news was first given importance by security analytics firm SourceDNA. As it notes, this purging of the App Store was done, mainly because of the sketchy third-party SDK (Software Development Kit). This was not according to the privacy laws and guidelines of Apple and it is because of this that strict actions like these have been taken.

One of the major flaws that these apps contained was the encryption that the apps were made of. The apps’ encryption was flawed in one of the key areas that should be taken care of earlier; Security. These apps had the capability to spy on any encrypted traffic, that bypassed transport layer security protections.

Apple identified SDKs by their binary signatures, which were all part of a common codebase, the Youmi (youmi.net) advertising SDK from China. Here’s what Apple has to say on this security breach.

We’ve identified a group of apps that are using a third-party advertising SDK, developed by Youmi, a mobile advertising provider, that uses private APIs (Application Programming Interfaces) to gather private information, such as user email addresses and device identifiers, and route data to its company server. This is a violation of our security and privacy guidelines.

The apps using Youmi’s SDK will be removed from the App Store and any new apps submitted to the App Store using this SDK will be rejected. We are working closely with developers to help them get updated versions of their apps that are safe for customers and in compliance with our guidelines back in the App Store quickly. – Official Statement from Apple

iOS Apps that used the Youmi ad SDK gathered four classes of information, which are:

  • List of all the apps that are installed on the device
  • Platform serial number of iPhones and iPads, when they run older versions of iOS
  • List of hardware components on devices along with their serial numbers
  • Email associated with users’ Apple ID

Since every dealing of every sort has been mobilized, it has become very difficult to maintain the security as well as the privacy of the user. Making sure that the security of the user is maintained is so important, that a coupler of months ago, a new system was launched, namely ACE, that draws a standard for how much information can the app take and how much can it not.

The App Configuration for Enterprise (ACE) is the first open standard approach to establish a way of configuring and securing the mobile apps used for business purposes and deployed via EMM (Enterprise Mobility Management) solutions.

If you choose the wrong SDK (knowingly or unknowingly) that uses private APIs, it is almost certain that very soon your app can be thrown out. The news raises the question, whether other iOS apps are actively following the Apple guidelines.

Moral for app makers or app development company: Choose the right SDKs & plugins to make an app that deserves staying on the App Store & user’s smartphones.

 
0
Shares
 

Have an App Idea?

Get your free consultation now