Apple Removes Encryption Exposing Apps from App Store

Root-certificate based ad-blockers have been removed from the App Store after Apple deemed them to inspect all traffic, including secure and private traffic.

Citing privacy concerns, Apple has removed applications such as Been Choice after the latter has been found to install root certificate to block ads inside applications. While the ad-blocking is comprehensive, the method to block ads engages in intermediating secure connections that exposes any user’s private internet traffic to the blocker according to iMore.

Apple provided a statement to the publication:

Apple is deeply committed to protecting customer privacy and security.

We’ve removed a few apps from the App Store that install root certificates which enable the monitoring of customer network data that can in turn be used to compromise SSL/TLS security solutions. We are working closely with these developers to quickly get their apps back on the App Store, while ensuring customer privacy and security is not at risk.

In a roundabout manner, the mechanism used by Been Choice was a voluntary man-in-the-middle attack (MoTM), which malicious attackers often undertake.

Additionally, Apple has also advised iOS users to delete the application’s configuration profiles from their iPhones and iPads.

Related Article: iOS 9 Bug Allows Hackers to Bypass Lockscreen

This lead to many iOS users asking why the root certificate-based ad blocking application, among others were deemed safe by Apple’s strict App Store approval policy. The removed applications intermediate all traffic including financial transactions that are supposed to be secure. So too, similarly, with private or encrypted communication channels.

Apple has known to allow content and ad blocking solutions on its web browser Safari, such as Purify and Crystal. These blockers operate without tracking or having the means to access any data being used by the user.

Speaking to the Financial Times, David Yoon, co-founder of Been Choice said the company is looking into amending its application after Apple removed it. He confirmed that the application would be resubmitted for “expedited approval.”

Apple is said to be working with David Yoon and his developers to get the applications back on the store since the app’s developers are not thought to have acted maliciously, as long as they do not install root certificates on the device.