Apple throws in-app ad blockers out of the iOS App Store, citing security concerns

Graham Cluley
Graham Cluley
@
@[email protected]
@gcluley

iOS 9 brought ad-blocking to mobile Safari users, which either delighted or disgusted you (depending on whether you were an online site which relied upon advertising or not).

Here is the video where I demonstrated how you can set up iOS 9 to block ads in the built-in web browser.

iOS: How to block ads and prevent tracking | Graham Cluley

But now some content-blocking apps, which went took the concept of blocking ads in the web browser and took it to the logical next step of also preventing ads from appearing in third-party mobile apps such as Facebook and Pinterest, have felt the wrath of Cupertino.

Sign up to our free newsletter.
Security news, advice, and tips.

Yes, Apple has moved swiftly to kick the likes of Been Choice out of the iOS app store, citing security concerns.

Been choice

Been Choice and similar apps differ from regular ad-blockers like Purify and Crystal by tunnelling your phone’s web traffic through a VPN, which examines what content your device is being sent and strips out any ads.

In this way it can stop both regular web-based ads from appearing, and the ads that appear in – say – the Facebook app.

Block using vpn profile

Sounds neat, huh?

Well, that all rather depends on whether you trust the company filtering your iPhone’s web traffic, as your data is now going through their servers, where it will be inspected for adverts and other potentially undesirable content.

Been Choice defended the app’s behaviour, claiming that the only content routed to its VPN was tracker and ad traffic.

But, presumably realising that it was unlikely to win a fight with the custodians of the App Store, Been Choice told its Twitter followers that it would stop blocking in-app ads:

https://twitter.com/beenchoice/status/652321782796435456

As Apple’s own Apple News is one of the apps that has its revenue-generating in-app ads censored by Been Secure, it’s perhaps not surprising that Cupertino has looked unkindly on the aggressive ad-blocking.

An Apple spokesman told iMore that some apps had been removed from the store for taking, in its opinion, ad-blocking too far:

“Apple is deeply committed to protecting customer privacy and security. We’ve removed a few apps from the App Store that install root certificates which enable the monitoring of customer network data that can in turn be used to compromise SSL/TLS security solutions. We are working closely with these developers to quickly get their apps back on the App Store, while ensuring customer privacy and security is not at risk.”

For its part, Been Choice says it will be addressing Apple’s concerns and will issue a revised version of its app to the iOS App Store in the near future.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

5 comments on “Apple throws in-app ad blockers out of the iOS App Store, citing security concerns”

  1. David L

    And Apple tries to claim the moral high ground over Google? Seems to me,there is some massive hypocrisy going on at Apple. I spent several hours researching just what personal information Apple collects and how they use it to build profiles on users,then sell ad space for their own profits. It's a little obnoxious that they profit from selling you a phone,and related services,and then want to push ads on you too. Not only that,but the carriers want a piece of you as well!

    That said, Verizon has started using the Zombie Super Cookies AGAIN, and have made opting out extremely difficult. Here is a story on this egregious,obnoxious,disrespectful,GREEDY behavior.

    Verizon super cookies are back!
    https://www.propublica.org/article/verizons-zombie-cookie-gets-new-life

  2. Simon

    Seems unless you revert to an old Nokia, host your own email, avoid social media, you 'might' be able to mitigate against being 'profiled' amongst telco's and big companies…

    However this isn't any different to companies using/selling our contact details for 'marketing' purposes…

    1. coyote · in reply to Simon

      No, no, not at all. I do this (although admittedly I also use my ISP mail and for specific correspondences gmail) and I still wouldn't be able to stop it all. Even if I were to stop using ISP mail and gmail I would still face this reality.

      Besides that, you have the courts that force telcos (and other corporations) to hand over information. There are too many variables to consider but I'm afraid the 'might' you refer to is more like 'will still not'.

      1. Spryte · in reply to coyote

        Quite Right!

        Even if I use Putty (or something similar) to get to my old freenet mail account, it is full of spam… and Lynx( yes it eliminates ***some*** tracking ), I'm not sure I I remember how to use it (properly)!!

        As i have told many friends/clients… If you choose to use the internet, you choose between tracking and privacy. It is quite easy to log everything your clients do if you are the ISP or…

        Although even if you send information through 'Sail Mail' and label it "Personal and Confidential" there is no guarantee of privacy either.

        Especially if it goes through a corporate mail room.

        1. coyote · in reply to Spryte

          I just use openssh but I'm a long time Unix (admittedly almost-exclusively Linux in recent years). Lynx isn't hard to use but there isn't much to do, is there? My own mail hosted accounts aren't spammed but I see many attempts at sending to not-existent accounts as well as relaying to other host. Some networks I've seen so much abuse from that I add a null route so as to not worry about them ever again.

          But no matter where you are, privacy (generally) is mostly a myth. Sure, you can have private moments, but the bottom line is that you aren't free from being watched by others (espionage and otherwise). And indeed, snail mail won't be completely private either, especially if you were to do something like that. That's why never include cash in mail (and other similarly abused things). And while redaction is (mostly?) during wartime you always have the risk that it will be read by others (e.g. WW2 the governments would read mail and redact information, either by blacking it out or cutting it – I've seen both through family archives).

          Then there is so-called private mail…

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.