Apple this evening has removed a handful of apps from the App Store that install root certificates of their own. By installing their own root certificate, the app developers could theoretically gain access to encrypted traffic from users. Among some of the apps being removed are a select number of ad blockers. The ad blockers that have been removed are ones that block content both in Safari and in other apps.
The process that developers went through to be able to block ads in third-party apps is basically setting up a VPN where all traffic is run through the developer’s servers to remove the ads. This is a process that, obviously, could be used for malicious practices.
One of the most prominent apps that has been removed is ad blocker Been Choice, which performs essentially the exact aforementioned process of installing a root certificate on the device. Been Choice, because it did this, was able to block ads inside other apps.
Apple said in a statement to TechCrunch that it removed “a few apps” because they compromise SSL/TLS security solutions. The company also noted, however, that it is working with the developers of the removed apps to get them back onto the App Store with more security measures in place.
Whether or not these apps will return with the capability of blocking content inside other apps remains to be seen, but given that Apple doesn’t offer an official method by which to do that, it seems unlikely.
