How Apple is protecting customer privacy and security

banner

 

Apple acknowledged that the App Store had been hit by an unprecedented hack that infected dozens of apps with malware. An online security company that has been posting about the hack since last week, the malware can create fake alerts that pop up on your phone and request sensitive information, like passwords and login credentials. It could also get passwords and other sensitive information from your phone by accessing the device’s clipboard.

Apple has provided a mechanism to create safe, private content blocking extensions for Safari on iPhone and iPad, recently apps like Been Choice have taken it a step further, installing root certificates in order to block ads inside apps as well. The problem with that type of blocking is that it intermediates secure connections and exposes all your private internet traffic to the blocker. Essentially, it’s a voluntary person-in-the-middle attack. For that reason, Apple is removing those apps from the App Store.

With iOS 9, Apple allowed developers to create content blockers that would block ads on websites in Safari. Some ad blockers were removed because they could use the installed root certificates to view customer data passing through them. However the ad blockers removed from the App Store are slightly different than the content blockers Apple enabled with iOS 9. The ad blockers removed from the App Store block ads and other content inside apps by “exposing all your private Internet traffic to the blocker,”. The apps are set up in a way that allows a user’s traffic to flow through the developer’s servers to perform the content blocking. One of the apps that has been removed is Been Choice.

While Apple has enabled developers to create content blockers for Safari, it currently has no systems in place to allow developers to block content within apps.