Apple has removed several ad-blocking apps from its Store that created a risk of "man-in-the-middle" security breaches. While Apple now permits ad-blockers for Safari, the banned apps also block ads from native apps by installing their own "root certificates" and shunting all traffic through a VPN. From there, they read the unencrypted traffic and remove ads, provided you enable the feature. While there were no reported breaches, Apple decided to pull the apps, noting that they "install root certificates which enable the monitoring of customer network data that can in turn be used to compromise SSL/TLS security solutions." Starting with iOS 9, Apple decided to allow regular ad-blockers for Safari and other browsers, provided they don't monitor user traffic.
No comments:
Post a Comment