It looks like Apple is using its rejection power for good this time — removing games built on the Unity engine which included private-API calls that could be used to steal private user information like your iPhone’s phone number.
Not all of the rejected/removed games were engaged in privacy violations (or even had the network capability to exploit it), but Apple isn’t taking any chances following the Storm8 lawsuit. Here are a few details:
The Unity engine currently uses the two private API calls that Storm8 allegedly exploited to steal user data, NSGetEnviron and excserver. Mantas Puida of Unity Technologies explains these two API’s utilized by the Unity engine serve the following functions:
_NSGetEnviron is used by Mono runtime to provide implementation of .NET core API method: Environment.GetEnvironmentVariable().
exc_server is also used by Mono runtime to provide graceful NULL reference exception handling.
The Unity engine, however, has been updated to remove the offending API calls, and the games are being recompiled and resubmitted to the App Store. This move should deter developers lacking integrity from jacking our numbers and spaming us with there ads.
Mon, Nov 16, 2009
Uncategorized
| Author: ArguegeGela