Apple Rejects/Removes Unity-built Games to Protect User Privacy


It looks like Apple is using its rejection power for good this time -- removing games built on the Unity engine which included private-API calls that could be used to steal private user information like your iPhone's phone number.

Not all of the rejected/removed games were engaged in privacy violations (or even had the network capability to exploit the calls), but Apple isn't taking any chances following the Storm8 lawsuit. Touch Arcade has the details:

The Unity engine currently uses the two private API calls that Storm8 allegedly exploited to steal user data, _NSGetEnviron and exc_server. Mantas Puida of Unity Technologies explains these two APIs utilized by the Unity engine serve the following functions:

_NSGetEnviron is used by Mono runtime to provide implementation of .NET core API method: Environment.GetEnvironmentVariable().

exc_server is also used by Mono runtime to provide graceful NULL reference exception handling.

The Unity engine, however, has been updated to remove the offending API calls, and the games are being recompiled and resubmitted to the App Store. Hopefully this will keep users' data safe from unscrupulous developers, while the scrupulous ones continue to turn out great games.

[Touch Arcade via TUAW]


Rene Ritchie


Reader comments

The factory warranty on your car is about to expire.
Thanks Apple, way to finally take one for the team, and not one for yourself

I think that it should be noted in this article that there is actually no requirement to build a game with the Unity platform in order to retrieve phone numbers and submit them to a server.
Although Storm8 may have been using Unity to do this, from what I understand, such functionality is already available to programmers using public APIs and without Unity.

Apple may have other motives for removing apps based on the Unity platform, and for the record I agree with removing Storm8 if they are violating privacy.
However without Unity these actions are still possible even through the official public APIs.

Just a clarification, I was talking about the address book framework. Which makes it possible to retrieve any phone number stored in the phone book.
If the Unity "hack" allowed for retrieving the owner's phone number which was not stored in the address book this is definitely a cause for concern.
However Unity appears to have already fixed this issue, and developers that have built under the new version are still being rejected:
I hope for them that Apple will begin to approve Unity based apps again as long as they are built with the new version.

Let's keep it on-topic folks and discuss the story, not each other. We appreciate everyone's time, and their understanding. Thanks!

"That’s one reason I’m [happy] apple is such a stickler on approvals"
Huh? Apple approved Spyware for your iPhone! WTF are you talking about? Apple being "a stickler" seems to give you no protection, given that they have approved multiple pieces of Spyware.
And besides, if there were any other mainstream place to get apps, it would be YOUR decision whether or not to install them. You gain nothing by Apple being "sticklers", and yet you lose choice. Why does that make you happy again?

Too much gaming is bad for your health. You will get fat! There are loads of other things you can do in life. But still a great story