Apple is cracking down on applications that send location data to third-parties. Over the last few days, Apple has removed several applications in question as well as informed developers that their app violates sections 5.1.1 and 5.1.2 of the App Store Review Guidelines.
(ii) Data collected from apps may not be used or shared with third parties for purposes unrelated to improving the user experience or software/hardware performance connected to the app’s functionality, or to serve advertising in compliance with the Apple Developer Program License Agreement.
So far, we’ve seen plenty of apps getting the kicked off the Apple App Store. The crackdown comes ahead of the May 25th implementation of Europe’s General Data Protection Regulation, OR GDPR, which gives 1.9 billion users more power over their personal data. Under the GDPR guidelines, technology companies are required to obtain explicit and informed consent from a user they’re collecting personal data from. This means apps need to ask for consent to collect your personal data, or highlight how they’re using the data collected from you.
In the notices sent to iOS developer, Apple says who would want to reinstate their app must first remove all coding, framework, or SDKs that allow location sharing with third parties, and resubmit the app for a review.
Apple finally decided to start enforcing guidelines on selling location data
via @jeromep1970 pic.twitter.com/YKAWfMBq35
— Thomasbcn (@Thomasbcn) May 7, 2018
Once the application has been approved, it will be relisted on the Apple App Store.
It is unclear how many apps have been removed from the App Store following the crackdown.
GrayKey Vulnerability
In another news, Apple is reportedly introducing a feature in iOS 11.4 called “USB Restricted Mode” that will make it harder for law enforcement to extract data from stolen or seized Apple devices. In April, a Motherboard investigation found that law enforcement agencies across that country had purchased GrayKey, a tool for bypassing encryption on iPhones, while the FBI pushes again for encryption backdoors.
According to the photographs published by cybersecurity firm Malwarebytes, GratKey is a 4×4-inches portable box with dual lightning cables for connecting iPhones. The device comes in two versions: a $15,000 one which requires online connectivity and allows 300 unlocks (or $50 per phone), and an offline $30,000 version which can crack as many iPhone as the customer wants.
It’s no wonder Apple is working on a security patch. A few weeks from now, law enforcement will have squandered millions of dollars in small, portable boxes as Apple will have patched them out.
