Apple Dumps Ad-Blocking Apps Over Privacy Fears - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Mobile // Mobile Applications
Commentary
10/11/2015
10:05 AM
Larry Loeb
Larry Loeb
Commentary
50%
50%

Apple Dumps Ad-Blocking Apps Over Privacy Fears

The apps removed from Apple's store installed root certificates that could have potentially allowed third-parties to view private user information.

10 Apple Slip-Ups That Bruised Its Reputation
10 Apple Slip-Ups That Bruised Its Reputation
(Click image for larger view and slideshow.)

Apple has pulled some ad-blocking and content-blocking apps from its store over privacy concerns. Specifically, the apps installed root certificates that expose all traffic (including encrypted traffic) from a device to the blocker.

The technique is basically the same thing as a man-in-the-middle attack, but voluntary.

"Apple is deeply committed to protecting customer privacy and security. We've removed a few apps from the App Store that install root certificates which enable the monitoring of customer network data that can in turn be used to compromise SSL/TLS security solutions. We are working closely with these developers to quickly get their apps back on the App Store, while ensuring customer privacy and security is not at risk," according to a statement Apple sent to InformationWeek on Friday, Oct. 9.

While Apple did not name names, Been Choice, which claims on its site to be "the most powerful blocker available," revealed on Twitter that it was among the apps that were pulled.

"We will remove ad blocking for FB, Google, Yahoo, Yahoo Fin., and Pinterest and resubmit tomorrow, to comply," Been Choice said in the post.  

Been Choice's method allowed it to block content in Safari and within apps, including Facebook and Apple News. 

(Image: nikauforest/iStockphoto)

(Image: nikauforest/iStockphoto)

Apple has provided tools (the Safari View Controller) in iOS 9 to allow content blocking from Web sources. SVC does not allow any blocking program to carry out tracking on its own.

However, Apple has allowed standalone apps a free pass from blocking.

Apple has an in-app ad service (iAd) that would have been affected by content blocking in apps.

According to its Twitter post, Been Choice appears to be caving in to Apple. However, David Yoon, the cofounder of Been Choice, told InformationWeek in an email Friday that the company is not giving up, only changing techniques.

"They pulled us and then noted in the interface to ITunes store that they would call. During the call they told us it was the root cert issue," he said.

[Find out why the creator of the most popular ad-blocking tools for iOS 9 is having second thoughts.]

He went on to outline how Been Choice will respond. "We will remove root certs and resubmit. ... We want to resubmit this morning. There are others [who] have VPNs that block ads. But perhaps without root certs. So we will try that. Our goal is to give users a real choice between privacy and sharing. So that is what we need to do, the best we can under the guidelines."

This app sweep occurs about three weeks after over two dozen infected Chinese apps that installed their own root certificates were found in the App Store. They were produced by developers who were unaware that they were using a fake version of the Apple developer tool Xcode. These apps contained a payload of malicious intent, delivering malware to the end-user.

This is not the same situation, since Apple seems not to be directly ascribing malicious intent to the developers. It does show that Apple is no stranger to dealing with privacy issues, especially lately.

Larry Loeb has written for many of the last century's major "dead tree" computer magazines, having been, among other things, a consulting editor for BYTE magazine and senior editor for the launch of WebWeek. He has written a book on the Secure Electronic Transaction Internet ... View Full Bio
We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Page 1 / 5   >   >>
larryloeb
50%
50%
larryloeb,
User Rank: Author
10/23/2015 | 10:10:55 AM
Re: Missed the point
Been can indeed see all your online activity, if you let them. They are upfront about it.

But, they have a program tacked onto this that will reward you if you share your behavior with them so that they can resell that information. Right now, you give it away in return for access.

They want to split the money with you.
kstaron
50%
50%
kstaron,
User Rank: Ninja
10/23/2015 | 9:02:06 AM
Missed the point

"Our goal is to give users a real choice between privacy and sharing."

While this is a nice sentiment, is it really sharing if the ad blocker gets to see all your clicks, everything you do online? Am I wrong in thinking that could easily collect data on passwords and bank info? couldn't they still build an effective as blocker that didn't let them see our encrypted data. The quote there seems like they are missing the point of why Apple pulled the app in the first place.

soozyg
50%
50%
soozyg,
User Rank: Ninja
10/22/2015 | 4:35:53 PM
Re: ad blockers
What, are you blond? (Cause that's a popular blond joke....)

$50/year doesn't actually seem like a lot of money.....
larryloeb
50%
50%
larryloeb,
User Rank: Author
10/22/2015 | 4:26:50 PM
Re: ad blockers
For that kind of money, I'll come over to your house and put white-out on your computer screen.
soozyg
50%
50%
soozyg,
User Rank: Ninja
10/22/2015 | 3:37:31 PM
Re: ad blockers
I just looked this up and for $49.99 per year, Yahoo offers no-ad email. lol
larryloeb
50%
50%
larryloeb,
User Rank: Author
10/22/2015 | 2:23:21 PM
Re: ad blockers
AdBlockPlus (my dafault desktop blocker) only works for web browsing.

I dont know if viewing Yahoo mail in a browser counts.

It might if the ad calls outside of Yahoo for the data.
soozyg
50%
50%
soozyg,
User Rank: Ninja
10/22/2015 | 10:20:14 AM
Re: ad blockers
Is it even possible to block them? I work on a desktop. (Yes, I'm old fashioned like that! lol) I should look into that.
larryloeb
50%
50%
larryloeb,
User Rank: Author
10/22/2015 | 10:07:59 AM
Re: ad blockers
And really hard to block because they are embedded in Yahoo mail, I bet.
soozyg
50%
50%
soozyg,
User Rank: Ninja
10/22/2015 | 9:58:45 AM
Re: ad blockers
Yes, and those huge ads drive me crazy on yahoo mail because they're not focused and messages are blocked from coming in until the new ad refreshes. So annoying.
larryloeb
50%
50%
larryloeb,
User Rank: Author
10/21/2015 | 11:17:24 PM
Re: ad blockers
Yes, and the flash is coming back to bite them badly.

They confused loud and obnoxious with effective,
Page 1 / 5   >   >>
Slideshows
Reflections on Tech in 2019
James M. Connolly, Editorial Director, InformationWeek and Network Computing,  12/9/2019
Slideshows
What Digital Transformation Is (And Isn't)
Cynthia Harvey, Freelance Journalist, InformationWeek,  12/4/2019
Commentary
Watch Out for New Barriers to Faster Software Development
Lisa Morgan, Freelance Writer,  12/3/2019
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
The Cloud Gets Ready for the 20's
This IT Trend Report explores how cloud computing is being shaped for the next phase in its maturation. It will help enterprise IT decision makers and business leaders understand some of the key trends reflected emerging cloud concepts and technologies, and in enterprise cloud usage patterns. Get it today!
Slideshows
Flash Poll