Posted by: David Harley | October 20, 2015

Youmi, YiSpecter, and the Economics of Updating

The Guardian isn’t usually my first port of call for Apple security news – actually, I tend to wait for news to come to me rather than go out looking for it, but I digress – but Mich Kabay drew my attention to a couple of articles worth reading.

‘Apple pulls 250 privacy-infringing apps from store’ is commentary on Apple’s statement that:

“We’ve identified a group of apps that are using a third-party advertising SDK, developed by Youmi, a mobile advertising provider, that uses private APIs to gather private information, such as user email addresses and device identifiers, and route data to its company server. This is a violation of our security and privacy guidelines.

“The apps using Youmi’s SDK will be removed from the App Store and any new apps submitted to the App Store using this SDK will be rejected. We are working closely with developers to help them get updated versions of their apps that are safe for customers and in compliance with our guidelines back in the App Store quickly.”

While the statement is widely quoted by the press, it’s been taken from SourceDNA’s blog, to which it was a response. The SourceDNA blog – ‘iOS Apps Caught Using Private APIs’ – is well worth reading for a more comprehensive and technical summary of the issue.

According to the Guardian’s Alex Hern, the research that uncovered the problem with Youmi code took place at Purdue University. Threatpost draws a comparison between the Youmi issue and the recent YiSpecter issue, while observing that YiSpecter is more unequivocally malicious.

The other article, by John Naughton, suggests that ‘Security is the loser in the holy war between Android and Apple’. He attributes the patchy performance of Android vendors in delivering security updates, at least in part, to the fact that while Android devices have 81% of the global market, they owe their dominance to ‘infinitesimal profit margins’. Apple, he asserts, has only 1/5 of the smartphone market (less according to those IDC forecasts) but accounts for almost all the profits in that space because of its ‘insane’ profit margins and the fact that it has no competition as regards the iOS platform.

David Harley

