How does the Apple app ‘rogue ad’ security problem affect the FX industry? – We find out

Several hundred applications have been removed from Apple’s Appstore as a result of a security compromise which has been created by advertising software from China which extracts personally identifiable information.

The applications which have been revoked by Apple are specifically those which collect personal data which violates the Appstore privacy policies.

Apple has made a corporate statement on the matter, to the effect that:

“We’ve identified a group of apps that are using a third-party advertising SDK (software development kit), developed by Youmi, a mobile advertising provider, that gather private information, such as user email addresses and device identifiers, and route data to its company server.”

Mobile applications for trading on FX platforms are de rigeur these days, and there is a school of thought which considers mobile-first, or mobile-led trading environments to become commonplace in the very near future. By their very nature, trading platforms need to store personal data, thus are potentially at risk from such rogue applications as that which was developed by Youmi.

Today, FinanceFeeds spoke to James Glyde, Business Development Manager at Spotware Systems, the firm which developed the cTrader and cAlgo platforms in order to gain full perspective on this matter.

Mr. Glyde explained to FinanceFeeds:

“The key to ensuring the security of your mobile application products is to not only to use genuine software development kits, which may seem like an obvious one but was still the cause which led to this outcome. Essentially these developers themselves were conned and Youmi’s agenda is now very clear.”

“When it come to your clients sensitive information you can’t skimp, eventually it will cost you. Similarly the practice of outsourcing development can be criticised for similar reasons, this is why all of Spotware’s platforms are designed, managed and developed in house to avoid any potential harmful outcomes.”

“Mobile trading platforms are an essential need, since the currency markets are always on the move, as are us human beings, this is why so much of our efforts are concentrated on our mobile apps.”

Apple reiterated that it does not allow third party applications to share user data without permission from the user itself and that it rejects applications that require users to share information.

This could be potentially problematic for FX firms with mobile apps that share user information in order to follow strategies, or in which users can develop their own applications for trading platforms.

On this basis, Mr. Glyde stated that this is an “interesting and valid concern, but there is a distinct difference between this case and how trading platforms should work.”

“Here a Private API was hidden inside the applications secretly added by the counterfeit software development kit which was routed sensitive information directly to Youmi’s server and not the server of the developer which supports the application and where all data should be transmitted, even information which is to be sent to or accessed from third parties, a clear compromise of security.”

“Like any trading platform, mobile ones included, they communicate with the trading server prior to any other service, for example a third party application like Myfxbook which uses our Open API or Spotware’s own native cMirror trading platform.”

Indeed, Mr. Glyde’s conclusion shows how critical factors which can affect the use of applications to the extent of the actual mobile platform company, in this case Apple, taking action, and how trading platform vendors can engineer their systems in a way that they will not fall foul of such a circumstance.