Some ad blockers were performing an MitM attack and rerouting user Web traffic through external servers

Oct 9, 2015 11:17 GMT  ·  By

Apple has banned a few iOS ad blockers from its App Store after it was found that these apps installed root certificates on users' devices, giving them the ability to intercept and inspect the user's Web traffic.

Ad blockers are a recent addition to the iOS ecosystem, allowing users to block ads while surfing the Web with Safari.

But ads aren't only shown on Web pages, and lots of apps show them inside their normal content, in a way that cannot be blocked by normal browser-based ad blockers.

To work around this limitation, some ad blocker authors shipped root certificates with their applications, which gave them access to the full set of iOS features and functions.

Using this newfound level of access, they then started to filter all Web-hosted content so their ad blocking technology could also block ads inside native iOS apps like Facebook, Pinterest, or Google.

Ad blockers performed an MitM attack on the user's Web traffic

Because the root certificate effectively let the ad blocker perform a Man-in-the-Middle (MitM) attack on all incoming Web traffic in order to detect and block ads, Apple flagged it as a potential security and privacy flaw.

The problem, as Apple explained it, is that this broke down iOS security measures, allowing an app maker to watch over the user's actions.

If an ad blocker were compromised by a hacker, this entry point would have allowed them to log Web traffic even though it was protected by SSL/TLS certificates.
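The mechanism the article describes comes down to one rule of TLS validation: a certificate is accepted if its chain ends at a root the device trusts, and an app that can add a root can therefore mint an acceptable certificate for any hostname. The following script is an added example, not code from the article, from Apple or from any of the apps named; it generates a throwaway root and a leaf certificate for the constructed hostname example.com with the standard openssl command-line tool, shows that the leaf validates only once the extra root is trusted, and ends with the check a defender relies on: comparing the certificate's issuer against the issuers the real site is known to use (a simple form of pinning). The CA name, the hostname and the allow-list names are all made up for the demo.

```shell
#!/bin/sh
# Added example (not from the article, Apple or the ad blockers discussed):
# why a trusted root certificate is enough to intercept TLS, and the issuer
# check a defender runs against it. Every key and certificate is generated
# locally; "example.com" and the CA names are constructed stand-ins.
set -e

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
cd "$WORK"

# 1. A private root CA, playing the role of the root an ad blocker installs
#    on the device. The common name is made up for this demo.
openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
  -keyout ca.key -out ca.pem -subj "/CN=DemoInterceptionRoot" >/dev/null 2>&1

# 2. A certificate for the site the user actually wanted, issued by that
#    root. Whoever holds ca.key can issue one of these for any hostname,
#    which is exactly what makes an installed root dangerous.
openssl req -newkey rsa:2048 -nodes -keyout leaf.key -out leaf.csr \
  -subj "/CN=example.com" >/dev/null 2>&1
openssl x509 -req -days 1 -in leaf.csr -CA ca.pem -CAkey ca.key \
  -CAcreateserial -out leaf.pem >/dev/null 2>&1

# Validate a certificate against the system trust store only.
# Exit status 0 means a client would accept it without any warning.
verify_system() {
    openssl verify "$1" >/dev/null 2>&1
}

# Validate the same certificate after the extra root has been trusted,
# i.e. the situation on a device where an app installed its own root.
verify_with_extra_root() {
    openssl verify -CAfile "$WORK/ca.pem" "$1" >/dev/null 2>&1
}

# Defender check: the certificate's issuer must be one of the CAs the real
# site is known to use. $2 is a space-separated allow list of issuer
# common names (no spaces inside a name for this demo).
issuer_allowed() {
    issuer=$(openssl x509 -in "$1" -noout -issuer)
    for cn in $2; do
        case "$issuer" in
            *"$cn"*) return 0 ;;
        esac
    done
    return 1
}

# Stand-alone run: show the three outcomes for the intercepting leaf.
if verify_system leaf.pem; then
    echo "system store only: accepted"
else
    echo "system store only: rejected (as expected)"
fi
if verify_with_extra_root leaf.pem; then
    echo "with installed root: accepted (this is the MitM condition)"
else
    echo "with installed root: rejected"
fi
if issuer_allowed leaf.pem "ExpectedPublicCA"; then
    echo "issuer check: passed"
else
    echo "issuer check: FAILED, $(openssl x509 -in leaf.pem -noout -issuer)"
fi
```

The difference between verify_system and verify_with_extra_root is the whole story of the article: nothing about the intercepted connection looks wrong to the operating system once the extra root is trusted. The issuer_allowed check is what an app-level pin provides; an app that only accepts certificates chaining to the CAs its own servers use keeps working normally while refusing the certificate an interception proxy presents, whatever roots the device has been told to trust.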

iOS ad blockers also rerouted some user traffic through external servers

Additionally, some of these apps also rerouted traffic through external servers so it could be analyzed and the ads filtered. This is an obvious "no-no" in Apple's book, and a bigger security threat than the first.

A few apps were banned, but Apple did not provide the full list, saying only that all of the banned ad blocking apps used root certificates.

This news story was first covered by iMore, an Apple-centric news site. Following the story, Been Choice, one of the banned apps, answered iMore on Twitter, saying it planned to remove ad blocking features for some Apple apps and then resubmit the app to the App Store.

Apple's Statement