Latest in Gear

Image credit:

Apple pulls ad-blocking apps that can 'compromise' security

0 Shares
Share
Tweet
Share
Save

Apple has removed several ad-blocking apps from its Store that created a risk of "man-in-the-middle" security breaches. While Apple now permits ad-blockers for Safari, the banned apps also block ads from native apps by installing their own "root certificates" and shunting all traffic through a VPN. From there, they read the unencrypted traffic and remove ads, provided you enable the feature. As spotted by Techcrunch, one of the apps Apple removed was "Been Choice," software that even removed ads from Apple's own News app. However, it was also gathering "behavioral data" and sharing it with other companies, offering users points and cash rewards in exchange.

While there were no reported breaches, Apple decided to pull the apps, noting that they "install root certificates which enable the monitoring of customer network data that can in turn be used to compromise SSL/TLS security solutions." However, it promised to work with the developers "to quickly get their apps back on the App Store," provided there's no risk to customer privacy and security. Starting with iOS 9, Apple decided to allow regular ad-blockers for Safari and other browsers, provided they don't monitor user traffic.

Apple is deeply committed to protecting customer privacy and security. We've removed a few apps from the App Store that install root certificates which enable the monitoring of customer network data that can in turn be used to compromise SSL/TLS security solutions. We are working closely with these developers to quickly get their apps back on the App Store, while ensuring customer privacy and security is not at risk.

As some observers have pointed out, Apple is likely to demand that the root certificate and VPN monitoring features be removed altogether, as they seemingly go against its Store policy. Meanwhile, Been Choice said that "we will remove ad blocking for FB, Google, Yahoo, Yahoo Fin., and Pinterest and resubmit tomorrow, to comply," but added "we will continue to block the majority of ads in apps, as well as Safari."

From around the web