Apple has officially said:
We have removed a "few" apps from the iOS App Store that could install root certificates and allow monitoring your data.
It's like- they have analyzed and admitted that they lacked in the auditing of the App Store hosted Apps.
The company is also advising its users to uninstall the malicious apps from their iPhones, iPads and iPods in order to prevent themselves from monitoring, though it has yet to name the offending apps.
App Store Apps Spy on Encrypted Traffic
The challenge that stood before Apple was, they discovered that "few" of the Apps in the iOS App Store were capable of spying on the users by compromising SSL/TLS security solutions of their online communication.
Root certificates are the fundamental part of how encrypted connections like HTTPS verify the site users are connecting to and creating a secure environment for them to get access to various resources. Their updates also happen on a timely basis.
Root certificates allow public key encryption to browsers and other services to validate certain types of encryption and ensure that user is redirected to that website or server that he requested.
However, in Apple's case, the fraudulent apps were acting as an interface between the secure connections and exposing all private Internet traffic of the user.
However, to get rid of the problem, Apple has removed various apps from their App Store that could decrypt the "Encrypted Connection" between the user and the server to which the user is connected to.
Apple Yet to Disclose the names of Offending App
Apple did not disclose the names of such Apps, instead said that there are few of them with bitter intents and for which, they left the users displeased, as:
They want the users to uninstall the Apps, but which ones to remove they are least bothered.
Also, they have given directions for "How to delete an app that has a configuration profile on your iPhone, iPad, or iPod touch," on their support page, but…
...Does that make any difference?
As how are the people going to identify which Apps to uninstall!
Furthermore, in a similar incident developer of an app commonly known as Been Choice was removed from the iOS store, consequently the developer posted on Twitter about they being 'Pulled Off' from iOS store and mentioned that:
"We'll remove ad blocking for FB, Google, Yahoo, and Pinterest apps."
Therefore, it can be assumed that Been Choice's, Ad-blocker app which functioned in such a way that it installs root certificates in order to block ads inside apps, might be gathering private details of the user through ad blocking facility via installing root certificates.
One thing is important to note here, which is- Apple allowed such Apps that were installing Root certificates on the users' device.
Meanwhile, all the iPhone, iPad and iPod touch device holders are requested to uninstall any suspicious app from there device; until Apple reveals the names of those apps.
