Apple has banned 256 apps, with an estimated total of 1 million downloads among them, following the identification within them of software that was secretly collecting data to send back to an advertising firm in China.
Youmi offers Chinese developers advertising-related code that can be easily integrated with apps — a common service worldwide. But Youmi's code happened to include a few extra functions, which secretly gathered info about the phone, user, installed apps and connected devices such as laptops and accessories.
This surreptitious collection was discovered independently by cybersecurity firm SourceDNA and researchers at Purdue University. Apple confirmed the findings, issuing a statement after removing the 256 offending apps.
It's not likely, SourceDNA reported, that the hundreds of apps and their developers were all in on the trick. Since the Youmi code was fairly common and it took a careful breakdown of it to identify the sketchy functions, it's more likely these app creators had no idea and Youmi was acting alone.
"Given how simple this obfuscation is and how long the apps have been available that have it, we’re concerned other published apps may be using different but related approaches to hide their malicious behavior," wrote SourceDNA in its blog post.