Most companies in the small and startup technology sector are relying heavily on mobile apps for a rapid and sure mode of revenue generation in the foreseeable future. Reports from reliable sources say that the revenue which stood at around $17 million in the year 2010 is slated for a steep rise up to $25 Million by the year 2015. Under such growth prospects, unethical companies would be looking how to make maximum benefits while the sun shines, notwithstanding the things they do and the methods they use to achieve their ends, their sole guiding factor being that the end justifies the means.
Google’s Sudden Action
In a flash action, Google decided to remove about 250 apps from its online store, which it claimed, were infringing on customer privacy, an anathema to its company policies. The move was a reaction to their apprehension about a Chinese company extracting critical private client information, in sheer violation of Google’s uncompromising privacy policies. The modus operandi of these apps was to take private information from client’s iPhones with the help of an advertizing tool kit with a malicious intent. This company, Youmi, a mobile provider of advertisements, used an SDK kit, which clandestinely accessed client’s personal information by applying concealed development software.
The Crux of the Problem
Youmi were found to use a combination of procedures and functions that permitted them to create applications that could access the secret data in an application, operating system and other services. Youmi used these secretive APIs to infringe into the commands that Apple had infused into the iOS, and were out of bounds to outside developers for reasons of confidentiality and security of their clients. Youmi installed a code that could extract information on the device’s serial number, details of Apps installed, client Apple ID and peripheral’s serial number.
Investigation revealed that this problem did not exist with Youmi’s past SDK. However, their development engineers had been burning the midnight oil to find ways and means of circumventing the process of the App review to collect important information relating to several heads.
It is a matter of regret that Youmi never revealed its habit of data gathering to the other application developers using the SDK platform.
Nate Lawson of Source DNA, in his interaction with Air Technica admitted that this happened to be the first time the company had detected violation of privacy norms by an app developer, adding that Apple should have been aware of this and taken action earlier. Actually 256 tainted programs were detected by the security blog, and around one million users had downloaded the apps.
Apple has taken a principled stand on removal of the illegal apps from the apps store and replacing it with its own version of legal software quickly with help from their own developers.
Youmi, meanwhile, profusely apologized to their associates for the embarrassment they had caused and the loss due to interruption of services. However, in an official communiqué, they denied any part in collecting personal client information.
Apple, on their part is building solid app store defenses to prevent a repeat of this mishap, in future.