On Sunday, SourceDNA published a blog post claiming, "Hundreds of apps in the App Store that extract personally identifiable user information ... successfully [bypassed] the app review process."
OK — this part is actually a big deal because Apple is usually pretty strict when it comes to reviewing apps for iOS. And this is the second time this year apps have been published to the store that shouldn't have gone up at all. (Video via Apple)
Apple told The Verge affected apps were created by a third-party advertising SDK called Youmi. (SDK is short for software development kit.) It used private APIs, which are basically backdoors for developers, to pull out user information and route it all back to Youmi's company server. (Video via The Verge)
The 256 apps created with this kit aren't in the app store anymore. And it's estimated that only 1 million downloads were capable of pulling out user data, most of which were probably downloaded from China's app store. (Video via Apple)
So far, the only app that's been named is the official McDonald's app for China, though SourceDNA points out most (if not all) of the developers probably weren't even aware the SDK they used would violate Apple's guidelines. (Video via CNBC)