Apple Removes Over 250 iOS Apps With Ad SDK That Collects Personal User Data

by

SourceDNA, an analytics service that tracks iOS and Android code, has discovered hundreds of iOS apps that collect personally identifiable user information, including Apple ID email addresses and device identifiers, through a Chinese third-party advertising SDK called Youmi that is prohibited by App Store guidelines.

App-Store-About
The analytics firm, using its new developer tool Searchlight, found 256 affected apps, with an estimated 1 million total downloads, using one of the versions of Youmi in violation of user privacy. Its report claims most of the developers who used the SDK are located in China, and that many were likely unaware of the threat since the tool kit is delivered in binary form and obfuscated.

Ars Technica explained in more detail about the information gathered "gradually over the past year or so" by apps using Youmi:

SourceDNA researchers found four major classes of information gathered by apps that use the Youmi ad SDK. They include:

1. A list of all apps installed on the phone
2. The platform serial number of iPhones or iPads themselves when they run older versions of iOS
3. A list of hardware components on devices running newer versions of iOS and the serial numbers of these components, and
4. The e-mail address associated with the user’s Apple ID

The personal info is reportedly gathered via private APIs and then routed through Youmi's servers in China.

Apple released a statement saying it will remove apps with Youmi from the App Store, and reject future submissions using the SDK:

“We’ve identified a group of apps that are using a third-party advertising SDK, developed by Youmi, a mobile advertising provider, that uses private APIs to gather private information, such as user email addresses and device identifiers, and route data to its company server. This is a violation of our security and privacy guidelines. The apps using Youmi’s SDK have been removed from the App Store and any new apps submitted to the App Store using this SDK will be rejected. We are working closely with developers to help them get updated versions of their apps that are safe for customers and in compliance with our guidelines back in the App Store quickly.”

SourceDNA sent a full list of affected apps to Apple, including the official McDonald's app in China, but did not share it publicly. Developers can check if their apps are affected using the analytics firm's Searchlight tool.

This discovery comes weeks after iOS malware XcodeGhost was disclosed, which arose from a malicious version of Xcode, Apple's official tool for developing iOS and OS X apps. Apple also patched YiSpecter malware in iOS 8.4.

Tags: App Store, China, SDK, SourceDNA, Youmi

Popular Stories

iPhone 17 Pro 3 4ths Perspective Aluminum Camera Module 1

iPhone 17 Pro Launching Later This Year With These 12 New Features

Sunday April 13, 2025 7:52 am PDT by
While the iPhone 17 Pro and iPhone 17 Pro Max are not expected to launch until September, there are already plenty of rumors about the devices. Below, we recap key changes rumored for the iPhone 17 Pro models as of April 2025: Aluminum frame: iPhone 17 Pro models are rumored to have an aluminum frame, whereas the iPhone 15 Pro and iPhone 16 Pro models have a titanium frame, and the iPhone ...
Read Full Article123 comments
Apple 2025 Thumb 1

10 Products Still Coming From Apple in 2025

Friday April 11, 2025 4:14 pm PDT by
Apple may have updated several iPads and Macs late last year and early this year, but there are still multiple new devices that we're looking forward to seeing in 2025. Most will come in September or October, but there could be a few surprises before then. We've rounded up a list of everything that we're still waiting to see from Apple in 2025. iPhone 17, 17 Air, and 17 Pro - We get...
Read Full Article54 comments
iOS 18 Siri Personal Context

Report Reveals Internal Chaos Behind Apple's Siri Failure

Thursday April 10, 2025 7:15 am PDT by
A new report from The Information today reveals much of the internal turmoil behind Apple Intelligence's revamped version of Siri. Apple apparently weighed up multiple options for the backend of Apple Intelligence. One initial idea was to build both small and large language models, dubbed "Mini Mouse" and "Mighty Mouse," to run locally on iPhones and in the cloud, respectively. Siri's...
Read Full Article343 comments
M6 MacBook Pro Feature 1

Waiting for the Perfect MacBook Pro? 2026 Might Be the Year

Thursday April 10, 2025 4:19 am PDT by
Apple in October 2024 overhauled its 14-inch and 16-inch MacBook Pro models, adding M4, M4 Pro, and M4 Max chips, Thunderbolt 5 ports on higher-end models, display changes, and more. That's quite a lot of updates in one go, but if you think this means a further major refresh for the MacBook Pro is now several years away, think again. Bloomberg's Mark Gurman has said he expects only a small...
Read Full Article113 comments
maxresdefault

The MacRumors Show: New iOS 19, iPhone 17, and Apple Watch Ultra 3 Leaks

Friday April 11, 2025 7:13 am PDT by
On this week's episode of The MacRumors Show, we catch up on the latest iOS 19 and watchOS 12 rumors, upcoming devices, and more. Subscribe to The MacRumors Show YouTube channel for more videos Detailed new renders from leaker Jon Prosser claim to provide the best look yet at the complete redesign rumored to arrive in iOS 19, showing more rounded elements, lighting effects, translucency, and...
Read Full Article14 comments
iPad Pro iPadOS

iPadOS 19 Will Be 'More Like macOS' in Three Ways

Sunday April 13, 2025 6:43 am PDT by
A common complaint about the iPad Pro is that the iPadOS software platform fails to fully take advantage of the device's powerful hardware. That could soon change. Bloomberg's Mark Gurman today said that iPadOS 19 will be "more like macOS." Gurman said that iPadOS 19 will be "more like a Mac" in three ways:Improved productivity Improved multitasking Improved app window management...
Read Full Article179 comments
apple intelligence black

NYT: Apple's AI Struggles Began with 2023 Chip Budget Dispute

Friday April 11, 2025 4:33 am PDT by
Apple's current struggles with Apple Intelligence and Siri began in early 2023 when AI head John Giannandrea sought approval from CEO Tim Cook to purchase more AI chips for development, according to a new report from The New York Times. Cook initially approved doubling the team's chip budget, but CFO Luca Maestri reportedly reduced the increase to less than half that amount, and instead...
Read Full Article114 comments
Apple Vision Pro with battery Feature Blue Magenta

Vision Pro 2 Rumored to Have Two Key Advantages Over Current Model

Sunday April 13, 2025 7:15 am PDT by
Apple is working on a new version of the Vision Pro with two key advantages over the current model, according to Bloomberg's Mark Gurman. Specifically, in his Power On newsletter today, Gurman said Apple is developing a new headset that is both lighter and less expensive than the current Vision Pro, which starts at $3,499 in the U.S. and weighs up to 1.5 pounds. Gurman said Apple is also...
Read Full Article109 comments
Apple Accessories Deals 2024 Anker Green

Anker Raises Prices on Amazon Due to Tariffs

Friday April 11, 2025 11:28 am PDT by
Chinese company Anker is one of many companies that will be raising prices due to the tariffs put in place by U.S. President Donald Trump, and prices are already starting to go up on Amazon. As noted by Reuters, Anker has increased pricing on about a fifth of its products since Thursday of last week. Prices are up approximately 18 percent, and there is a possibility for further increases. A...
Read Full Article326 comments

Top Rated Comments

jettredmont Avatar
jettredmont
124 months ago
through a Chinese third-party advertising SDK called Youmi ('https://www.youmi.net/')
So, another issue with wide swathes of apps from China. Not to be nationalist over this, but it seems there is a clear disease running through China putting its product on par with former-Soviet countries in terms of general trustability. The fact that this private information is being sent through the Great Firewall of China and not being hindered by that at all seems significant (Chinese developers complain that it is too slow to download Xcode across that firewall, but sending all this data from millions of phones and devices around the world to their servers over the same firewall is business as usual?)

"Something is rotten in the state of Denmark" seems an understatement.

I trust any corporation about as far as I can throw them, but it seems those residing in China give even less of a pause before assuming that anything they can grab is fair game.

When will apps start displaying "Designed and developed in the USA" badges?
Score: 20 Votes (Like | Disagree)
doboy Avatar
doboy
124 months ago
These apps should be banned, but doesn't sound too serious. Google likely collects more data ;)
Score: 17 Votes (Like | Disagree)
asmartkid82 Avatar
asmartkid82
124 months ago
I think the real question is: How many apps (and how long) have been making use of private APIs using similar techniques? How many apps do we have in our devices that have bypassed App Store validation using similar procedures? And I assure you, as a developer, that this is not a difficult thing to do at all…
Score: 13 Votes (Like | Disagree)
Benjamin Frost Avatar
Benjamin Frost
124 months ago
Good to see apps taking personal data being removed.

Presumably FaceBook and Google will be next on the list.
Score: 11 Votes (Like | Disagree)
Rigby Avatar
Rigby
124 months ago
How did these get approved in the first place? It seems something like this should be pretty easy to detect by Apple.
It isn't. In Objective C it's possible to construct API calls at runtime, so there's no easy way to discover them using static code analysis. And you can implement various methods to try and avoid making the calls while the app is in the review process.
Score: 7 Votes (Like | Disagree)
2457282 Avatar
2457282
124 months ago
Why does Apple allow these private APIs to begin with? Is it not something they can disable to avoid this problem in the future? I mean the reality is that you do not need the SDK to leverage the APIs. If you are an app developer you could write code to leverage them directly. How is Apple monitoring for this?
Score: 7 Votes (Like | Disagree)
Read All Comments