The issue — which appears specific right now to developers using Search Ads Basic, pay-per-install ads that appear as promoted apps when people search on the App Store — was raised on Twitter by a number of those affected, including prominent developer Steve Troughton-Smith, who posted a screenshot of an email that summarized January’s ad spend and install data another developer’s two apps. Several others replied noting the same issue, listing more developers and random apps.
We have contacted a few of them and two, Louis D’hauwe and Rafael Costa, confirmed that the mis-sent email appears to be the only issue right now. And it appears there are no other issues with Apple’s developer tools. We have also contacted Apple and will update this post as and when Apple responds.
That obviously avoids a very major data leak, but even still the erroneously sent emails are releasing confidential information about apps, such as how much money they are spending on apps and how that’s translating into downloads, that developers might prefer not to share, and might get shared inadvertently with direct competitors.
“I checked my account and everything is OK,” Troughton-Smith told us in a message, “but it’s still a worrying confidential customer data leak nonetheless as per the other developers in your article, but it’s still a worrying confidential customer data leak nonetheless
Search Ads Basic is an ad format that Apple only launched in December as a pay-per-install ad format that sits alongside its other, older search ad product, which is now called Search Ads Advanced.
The newer Basic format is aimed at smaller developers and those just getting started with app store advertising. Developers using the Advanced option pay per tap on their ads and have a wider range of options when targeting their ads; those opting for Basic only pay per install and have a more limited set of parameters. Installs from both help formats apps move up the app store rankings as Apple considers them “high quality” downloads.
It isn’t clear just how many are being affected by the email glitch — or why — but the incidents are numerous enough for the problem to be visible on Twitter. By extension of that, the issue could expose the private data belonging to a sizable number of businesses and developers whose use Apple’s App Store ad products.
This isn’t the first developer privacy snafu in recent times. Back in 2015, a number of developers logging into Apple’s iTunes Connect portal found themselves presented with accounts and data belonging to other users. The company has also stumbled with user accounts in recent iCloud migration in China.
But again, in this latest instance, developers who received the rogue emails tell TechCrunch that both Apple’s iTunes Connect and Developer Portal services functioned as usual. In other words, despite being emailed someone else’s information, they were not able to log into a third party’s account.
We’ve contacted Apple to get an idea of what is going on here, and how many developers/accounts have been affected. We’ll update this post as and when we know more.
Let's block ads! (Why?)