Apple removes several apps that could spy on encrypted traffic

(credit: PhotoAtelier)

Apple has purged its iOS App Store of several titles that it said had the ability to compromise encrypted connections between end users and the servers they connect to. The company advised users to uninstall the apps from their iPhones and iPads to prevent potentially harmful monitoring, but it has yet to name any of the offending titles.

“Apple has removed a few apps from the App Store that install root certificates that could allow monitoring of data,” company officials wrote in an advisory posted Friday. “This monitoring could be used to compromise SSL/TLS security solutions. If you have one of these apps installed on your device, delete both the app and its associated configuration profile to make sure your data remains protected.”

Apple representatives didn’t respond to an e-mail seeking the names of the offending apps and an explanation of why they weren’t identified. This post will be updated if they reply later.

Read 4 remaining paragraphs | Comments

Ars Technica » Technology Lab