The apps installed root certificates on devices, allowing them to block ads on applications. Apple hates that.
Apple removed a number of apps from the App Store today, after it discovered that some of them were installing root certificates on the devices of its users - a clear violation of Apple's stringent policies. The apps, designed to block advertisements on mobile browsers and even within apps, are gaining popularity, thanks to a decision by Apple to allow ad-blocking in iOS 9.
Although Apple created a safe framework that allows third-party apps to block ads on its Safari mobile browser, some app developers found a way to exploit the system by secretly installing root certificates on iPhones and iPads, using a technique called app-in-the-middle, which uses a virtual private network (VPN) to channel and examine data transmitted between devices and servers.
Because these apps work at the packet level, they can bypass encryption, allowing them to block ads on websites and apps. Simply put: the VPN will act as a staging area where the ads are removed, and the stripped content is transmitted to a mobile device. Hackers can seize this opportunity by stealing important information or by injecting malicious code.
One of the apps removed today is Been Choice, which is a popular ad blocker. Apple said that it is currently working with app developers to get their apps back on the store. However, the apps will never be the same. While these apps will continue to block ads on browsers, they won't be able to do the same inside applications.
How To: Buy a Pokemon Go Plus
Don't Miss: iPhone 8: Everything You Need to Know
“Apple is deeply committed to protecting customer privacy and security. We’ve removed a few apps from the App Store that install root certificates which enable the monitoring of customer network data that can in turn be used to compromise SSL/TLS security solutions,” Apple said in a statement. “We are working closely with these developers to quickly get their apps back on the App Store, while ensuring customer privacy and security is not at risk.”