Apple has taken down a few apps from the App Store, some of which are ad blockers, due to the fact that the apps install their own root certificates that could allow developers to monitor all the encrypted data traffic from users.
The ad blockers among the apps being removed could use the root certificates to analyze all the traffic that would pass through them, such as the websites being viewed by users, at the packet level, which would bypass encryption and all other methods for protecting data.
The ad blockers that were taken down are not similar to the content blockers which Apple developed a framework for within iOS 9 to allow the blocking of ads in its Safari browser. The apps that were taken down block advertisements and other similar content within apps by removing them from the user's web traffic. To do so, the only way is to establish a VPN-style arrangement wherein the traffic would pass through the servers of the creator of the ad blocker to be able to remove the advertisements.
While the practice is not malicious, it could be dangerous and misleading to users as what happens is an app-in-the-middle set-up. The situation has information that can be analyzed by a third party pass through an external server, which is a scenario that could possibly be taken advantage of by hackers.
While the aforementioned system is more comprehensive in protecting apps outside Safari from advertisements and other unwanted content, the situations opens up users to attacks as the traffic being passed through third-party servers can be intercepted by hackers.
"We've removed a few apps from the App Store that install root certificates which enable the monitoring of customer network data that can in turn be used to compromise SSL/TLS security solutions," Apple said in a statement, adding that the company is currently working with the developers of the apps that were taken down to be able to get the apps listed again on the App Store without compromising the security and privacy of users.
Apple, however, did not list all the apps that were taken down due to the discovered security risk.
