LONDON -- Apple has removed a number of apps from its App Store, including ad-blocking app Been Choice, as they could potentially monitor online traffic, including financial transactions and personal communications.
While Apple introduced the ability to block ads on Safari with iOS 9, the apps it has removed went one step further by blocking ads within apps too. They were able to do this by installing root certificates, which allowed them to carry out what is known as deep packet inspection in order to filter out ads.
However, this also allowed the apps to monitor all your unencrypted traffic, whether that is your bank login details or private emails sent to family and friends. Apple said it is working with the developers of the removed apps and that there was no suggestion that there was anything overtly malicious happening, but the way these apps worked opened up a potential security risk in what was typically a very secure environment.
The risk would come from a man-in-the-middle attack where hackers would be able to sniff the unencrypted traffic going from your phone to the developer's servers and any other servers used in the process, bypassing Apple's typically tight security.
In its statement, Apple said: "We’ve removed a few apps from the App Store that install root certificates which enable the monitoring of customer network data that can in turn be used to compromise SSL/TLS security solutions. We are working closely with these developers to quickly get their apps back on the App Store, while ensuring customer privacy and security is not at risk."
The developers of Been Choice, the most popular app removed in the cull, said they will update their app to remove ad blocking for Facebook, Google, Yahoo, Yahoo Finance and Pinterest before resubmitting it to Apple Friday in order to comply with the App Store's terms and conditions.
Ad blocking was introduced to iOS with the most recent update to Apple's software and allows users to block ads appearing on mobile websites viewed through the company's Safari browser. Apps such as Crystal and Purity immediately became very popular, topping Apple's App Store lists for weeks after their release.
There is no secure way to block native ads within apps at the moment, and this is the reason Apple has removed the apps in question. While the apps have been removed, they still remain on user's iPhones and iPads, but the company said it would publish a support page with instructions on how to remove the apps.
If you are worried about what apps have installed root certificates on your devices, here is a quick guide on how check and remove them from your iPhone or iPad:
- Go to Settings > General > Profile
- Tap on the profile you want to delete
- Tap Delete profile
- Enter your PIN
- Tap Delete to confirm