Skip to main content

App Store removes root certificate-based ad blockers over privacy concerns

While Apple has provided a mechanism to create safe, private content blocking extensions for Safari on iPhone and iPad, recently apps like Been Choice have taken it a step further, installing root certificates in order to block ads inside apps as well. The problem with that type of blocking is that it intermediates secure connections and exposes all your private internet traffic to the blocker. Essentially, it's a voluntary person-in-the-middle attack. For that reason, Apple is removing those apps from the App Store. Here's the statement Apple provided me:

"Apple is deeply committed to protecting customer privacy and security," an Apple spokesperson told iMore. "We've removed a few apps from the App Store that install root certificates which enable the monitoring of customer network data that can in turn be used to compromise SSL/TLS security solutions. We are working closely with these developers to quickly get their apps back on the App Store, while ensuring customer privacy and security is not at risk."

I was surprised the root certificate-based ad blocking apps were approved to begin with. They perform deep packet inspection of everything done on the internet, including secure financial transactions and private communications, on the ad-blocker's servers and any servers involved in their chain, and in a way that's not easily toggled on or off.

There will no doubt be complaints from people who think they want these apps, and from developers who make the apps. But the potential risk of abuse is simply too high.

Again, this doesn't affect Safari content blockers like Crystal or Purify. Only those using root certificates. Some will question that choice as well. The difference is that the WebKit/Safari team spent time creating a private, secure way to block content in Safari—and the in-app Safari View Controller—that doesn't allow the blocker to do any tracking of its own. They're precompiled and at no point do they get to see what you're doing or where you're doing it.

There's not yet a similarly private, secure way to block content in apps. Unless and until that changes, allowing root-certificate-based content blockers in the App Store goes against Apple's privacy and security policies, which the company has made a major, top-down, front-facing feature of the platform.

Update: Been Choice has responded on twitter, saying they'll be updating to comply with Apple's policy:

See more
Rene Ritchie
Contributor

Rene Ritchie is one of the most respected Apple analysts in the business, reaching a combined audience of over 40 million readers a month. His YouTube channel, Vector, has over 90 thousand subscribers and 14 million views and his podcasts, including Debug, have been downloaded over 20 million times. He also regularly co-hosts MacBreak Weekly for the TWiT network and co-hosted CES Live! and Talk Mobile. Based in Montreal, Rene is a former director of product marketing, web developer, and graphic designer. He's authored several books and appeared on numerous television and radio segments to discuss Apple and the technology industry. When not working, he likes to cook, grapple, and spend time with his friends and family.

19 Comments
  • Thank you Apple for keeping the world a secure place !!!
  • So, Which apps are these? Apple removing them from the App store does not automatically remove/delete them from our devices or iTunes Libraries ...
  • You would think they'd mention the name of at least one or two of these offending apps...
  • Been Choice is the best known. I added it to the intro.
  • Thanks for the update. I wish a developer could create one that you could install the 'server-end' on a Mac at home on a high-speed connection. That way, you know it's still your traffic, and your devices are the only ones using it.
  • Hi I have an app called Disconnect - Privacy and Security. I believe this installs a profile too. They say they don't collect any data although to block ads they run traffic through open VPN. Do you think I should delete it.
  • App names would be helpful as I purchased Purify and love it. Sent from the iMore App
  • That's a regular content blocker, totally secure, private, and fine.
  • Purify is still in the App Store.
  • Most of the blockers don't use the "man in the middle" setup which is inherently insecure. The blame is I think at least partially on the tech sites that reported apps like "Been Choice" without letting their viewers know this. I don't know if iMore did that, but several other top sites ran articles that included Been Choice without letting people know how obviously insecure their methodology was. On the other hand, the "regular" blockers that I've tried (the top three basically) don't do that great a job of getting rid of ads. Every one of them lets a lot more through the net than my desktop blocker software does. Still, at least the web is usable on mobile again, if not perfectly free of advertisements.
  • How is a trusted man-in-the-middle insecure? Sure the entire point of TLS is to prevent unwanted man-in-the-middle attacks, but it's my choice if I want to run all my traffic through a trusted third party vetting service. I think there's a misconception of how this actually operates and what exactly the implications are. I agree that users need to be fully informed before making a choice like this, but it's not inherently bad.
  • I installed Been Choice together with its root certs. It helped to block out the ads in the free apps that have them—it really worked!
    But less than a minute later, I felt really uncomfortable and immediately uninstalled the app together with the certs.
    Evaluating my options, my privacy outweighed seeing not-so-life-changing ads in the apps that I use. Sticking to Purify/1Blocker for now.
  • Good call. Been Choice is bad news. It wasn't just filtering ads, it was harvesting all your personal information: From TechCrunch (http://techcrunch.com/2015/10/06/apple-approves-an-app-that-blocks-ads-i...): "It’s also not clear how well users will understand what data Earn mode is collecting and reselling, as users tend not to read privacy policies. And according to the Been Choice Privacy Policy, the company is tapping into the data traffic to pull device info, carrier and network info, device IDs, information about apps and data usage, “content of your communications and transactions” excluding financial and e-commerce applications (!!!), and the vague “information about you"
  • Felt the same way you did. I also uninstall it for the same reason.
  • Nice try getting the focus off Chip-gate. ;) Great journalism.
  • I got it before it was banned. We definitely need ad blocking for browsers that open inside apps - Many (most?) people do not use safari directly, but rather click links in Facebook, flipboard, etc. It is this broser that adblockers can't touch except this banned one; HOWEVER, using the VPN for this slows the speed down so much that it was kind of unusable.
  • Actually, as of iOS 9, you do get ad-blocking with in-app browsers as long as they use the new Safari View Controller, which I suspect most apps will adopt as it's the easiest way to build an in-app browser and provides the best experience.
  • Apple needs to add a capability of warning users if iTunes Sync finds these "banned" apps on people's devices or libraries. The the affected users can decide if they want to keep or remove these apps. Currently, this rear-guard action by Apple of removing apps from the App Store is of no use to customers who have already downloaded and installed these apps. Depending on internet news sites or blogs to find out about such apps is not a good way of doing this.
  • "There will no doubt be complaints from people who think they want these apps, and from developers who make the apps. But the potential risk of abuse is simply too high." --citation needed. Personally, I would feel more secure with a trusted third party inspecting and filtering my traffic than without one. The key is *trusted* third party. If I trust someone with my data that is my choice, not Apple's. I'm curious, would your opinion be different if the traffic never left the device and was filtered at that level?