Apple Builds Another Walled Garden -- Around iPhone Ad Blockers

In its various attempts to lock out bad actors or keep third-parties at bay, Apple has set up a number of walled gardens. They allow other software makers to play on its iPhones, just not too loudly or dangerously. Sometimes, though, those walls prevent responsible kids from doing all the good things they’d like to do.

Take browser makers, like Mozilla and Google . They are increasingly fond of letting users block content, such as adverts. Apple too has been more hospitable to ad blockers in iOS 9 with the inclusion of a specially-designed application programming interface (API) - the slice of code that allows outside use of certain functions in software. This new API, which has been in Mac OS X for some time, made it much easier for ad blockers to hide content in Safari.

But, as Mozilla’s Firefox VP Mark Mayo explained to me, Apple has kept that same API private on iOS, meaning his company and other browser makers can't use it without breaking Apple's rules. Firefox for iOS is currently available for preview in Australia, Austria, Canada and New Zealand, as Mozilla builds the software up to compete with Safari and Google Chrome, amongst others.

There are other ways in which browsers can block content on iPhones. They could bake the blocking into the browser itself or could build their own APIs to support ad blockers. But that would take far more engineering time than incorporating the ready-made API.

And, as explained in an excellent description of how to build an ad blocker on Apple's smartphone, such makeshift tools can be cumbersome and slow down the browsing experience. That additional API makes it simple to add efficient ad blockers. But only Safari can use it right now.

It’s unclear why Apple hasn’t opened that API. It declined to comment on this article. As pointed out by Casey Oppenheim, who heads up browser privacy firm and Mozilla partner Disconnect.me, "if the API was public, users who want integrated content blocker would have more choice about what iOS browser to use". Another walled garden? It would appear so.

A way over the wall?

It’s unclear how far Apple actually goes to ensure developers are not abusing access to private APIs, however. Research revealed yesterday that misuse of certain APIs used for advertising purposes had exposed iPhone users’ data. SourceDNA, which seeks to make code more transparent, said it found the Youmi software development kit (SDK) from China, used to monetize apps with advertising, were bypassing Apple’s policies by accessing private APIs. This meant Youmi, not the app developers who used the SDK, was harvesting user email addresses and device identifiers.

It appeared Youmi had successfully hidden that activity from Apple’s App Store vetters, sneaking in 256 policy-breaking apps with an estimated 1 million downloads into the market.

Apple has now taken action, removing any apps containing the Youmi SDK and blocking others trying to enter the market. “We are working closely with developers to help them get updated versions of their apps that are safe for customers and in compliance with our guidelines back in the App Store quickly,” according to a statement given to SourceDNA.

On one side Apple has failed to keep privacy eroding code from using private APIs, and at the same time isn't opening APIs that would help prevent that kind of ad abuse.