TechSpot

Apple removes a "few" root certificate-based apps from its store over security concerns

By midian182
Oct 9, 2015
Post New Reply
  1. Apple revealed on Thursday that had removed a “few” apps from its App Store, including some ad blockers, over fears that they could expose users’ personal data to third parties. The company said it was working with the developers to resolve the issues and get their apps back on the store.

    The apps in question install root certificates on an Apple device that could be used to examine traffic passing through them at the packet level, bypassing encryption and other data protection methods. While the developers are not thought to have acted maliciously, their apps can put users' private information at risk as it passes through a virtual private network (VPN) or proxy servers.

    Apple is deeply committed to protecting customer privacy and security. We’ve removed a few apps from the App Store that install root certificates which enable the monitoring of customer network data that can in turn be used to compromise SSL/TLS security solutions. We are working closely with these developers to quickly get their apps back on the App Store, while ensuring customer privacy and security is not at risk.

    Almost three weeks ago, it was reported that Apple had removed over two dozen malicious apps from the App Store after a strain of malware, known as XcodeGhost, made its way past the company's usually-strict security and app review protocols.

    Apple has not specified the precise number of apps it has removed or named them, but a spokeswoman for the company said it would soon release a support page to help users remove the apps in question from their devices. Content-blocker Been Choice revealed on Twitter that it was one of the apps taken down, and that it was working to update the app in order to comply with Apple’s security standards and return to the online store.

    Permalink to story.

     
  2. enemys

    enemys TS Booster Posts: 47   +22

    That's... Actually a good move. Letting phone apps bypass encryption is a bad idea.
     
  3. jobeard

    jobeard TS Ambassador Posts: 9,322   +622

    To be applauded :: proactive efforts to protect users BEFORE the problems arise. (y)
     
  4. Randomthom

    Randomthom TS Enthusiast Posts: 47   +16

    Riiiiight, it's all about protecting the user and nothing to do with making sure all those adverts are seen.
     

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...