How does the Apple app ‘rogue ad’ security problem affect the FX industry? – We find out

Several hundred applications have been removed from Apple’s Appstore as a result of a security compromise which has been created by advertising software from China which extracts personally identifiable information. The applications which have been revoked by Apple are specifically those which collect personal data which violates the Appstore privacy policies. Apple has made a corporate […]

Several hundred applications have been removed from Apple’s Appstore as a result of a security compromise which has been created by advertising software from China which extracts personally identifiable information.

The applications which have been revoked by Apple are specifically those which collect personal data which violates the Appstore privacy policies.

Apple has made a corporate statement on the matter, to the effect that:

“We’ve identified a group of apps that are using a third-party advertising SDK (software development kit), developed by Youmi, a mobile advertising provider, that gather private information, such as user email addresses and device identifiers, and route data to its company server.”

Mobile applications for trading on FX platforms are de rigeur these days, and there is a school of thought which considers mobile-first, or mobile-led trading environments to become commonplace in the very near future. By their very nature, trading platforms need to store personal data, thus are potentially at risk from such rogue applications as that which was developed by Youmi.

Today, FinanceFeeds spoke to James Glyde, Business Development Manager at Spotware Systems, the firm which developed the cTrader and cAlgo platforms in order to gain full perspective on this matter.

Mr. Glyde explained to FinanceFeeds:

“The key to ensuring the security of your mobile application products is to not only to use genuine software development kits, which may seem like an obvious one but was still the cause which led to this outcome. Essentially these developers themselves were conned and Youmi’s agenda is now very clear.”

“When it come to your clients sensitive information you can’t skimp, eventually it will cost you. Similarly the practice of outsourcing development can be criticised for similar reasons, this is why all of Spotware’s platforms are designed, managed and developed in house to avoid any potential harmful outcomes.”

“Mobile trading platforms are an essential need, since the currency markets are always on the move, as are us human beings, this is why so much of our efforts are concentrated on our mobile apps.”

james
James Glyde, Spotware Systems

Apple reiterated that it does not allow third party applications to share user data without permission from the user itself and that it rejects applications that require users to share information.

This could be potentially problematic for FX firms with mobile apps that share user information in order to follow strategies, or in which users can develop their own applications for trading platforms.

On this basis, Mr. Glyde stated that this is an “interesting and valid concern, but there is a distinct difference between this case and how trading platforms should work.”

“Here a Private API was hidden inside the applications secretly added by the counterfeit software development kit which was routed sensitive information directly to Youmi’s server and not the server of the developer which supports the application and where all data should be transmitted, even information which is to be sent to or accessed from third parties, a clear compromise of security.”

“Like any trading platform, mobile ones included, they communicate with the trading server prior to any other service, for example a third party application like Myfxbook which uses our Open API or Spotware’s own native cMirror trading platform.”

Indeed, Mr. Glyde’s conclusion shows how critical factors which can affect the use of applications to the extent of the actual mobile platform company, in this case Apple, taking action, and how trading platform vendors can engineer their systems in a way that they will not fall foul of such a circumstance.

 

Read this next

Digital Assets

DeFiChain tokenizes Walmart, Unilever, US Oil and Gas Funds

Bitcoin-based DeFi platform DeFiChain is opening up the opportunity for its users to trade crypto versions of Walmart, Unilever, US Oil Fund, and US Gas Fund.

Industry News

The B2Broker B2Core REST API Is Now Live

B2Broker has announced the release of its new REST API, which lets customers use B2Broker’s solutions and services for business purposes.

Executive Moves

CME Group taps Paul Woolman to lead Equity Index, Giovanni Vicioso to lead Crypto

“Our equity and cryptocurrency businesses have experienced tremendous growth in recent years, underpinned by strong customer adoption and continued innovation.”

Technology

Sumsub launches document-free KYC for users in India, Brazil, Nigeria and Indonesia

Sumsub has launched one click-KYC for users in India, Brazil, Nigeria and Indonesia in a move that allows businesses to instantly onboard over 2 billion users without requesting their ID documents.

Digital Assets

Cboe becomes first major global exchange operator on DeFi data platform, Pyth Network

“Our participation in the Pyth network will provide another avenue to broaden customer access to our data, and aligns with our strategy to deliver market data to investors around the globe based on how they want to consume their data, whether through direct connectivity methods, the cloud or the blockchain.”

Industry News

FINRA fines Barclays Capital $2 million for best execution failures for 5 years

FINRA has fined Barclays Capital $2 million for failing to comply with its best execution obligations in connection with its customers’ electronic equity orders between January 2014 and February 2019. 

Digital Assets

SETL helps SWIFT, CSDs and custodians develop common framework for tokenisation systems

London-based enterprise DLT and blockchain company SETL has delivered a pilot project for SWIFT which implemented a common framework linking tokenisation systems between central security depositories (CSDs) and global custodians.

Digital Assets

Crypto volumes hit CHF 87.1 million at Switzerland exchange

Switzerland’s principal exchange has experienced a rebound in trading activities for September 2022, with monthly volumes increasing by more than 20 percent MoM.

Digital Assets

Bitcoin Suisse Vault taps Polkadot governance features

Bitcoin Suisse has added support for Polkadot protocol governance on its proprietary, hyper-secure cold storage solution, the Bitcoin Suisse Vault.

<