Apple no longer accepting VPN-based ad blockers to App Store, report says
Apple is reportedly limiting App Store distribution of VPN/root certificate-based ad blockers capable of blocking adds in other third-party apps, and will instead support only first-party content blockers offered through Safari.
The supposed policy shift came to light in an interaction between Apple and developer Future Mind, which markets a number of apps including the VPN-based content blocker AdBlock.
According to MacRumors, Future Mind recently saw a submitted update for AdBlock, which has been on the App Store since 2014, rejected by Apple's App Review Board. The group told Future Mind CTO Tomasz Koperski that Apple is no longer allowing VPN/root certificate-based ad blockers to be sold through the App Store.
"After submitting an appeal to the App Review Board, a member of the Review Team contacted me directly via phone and informed that Apple has officially changed their policy regarding VPN/root certificate based ad blockers on the App Store and is no longer accepting updates of apps, which directly block content in third party apps," Koperski said. "The only officially allowed ad blocking method is now Safari Content Blockers."
4.2.1, which says "Apps should use APIs and frameworks for their intended purposes and should indicate that integration in their app description," and to get even more specific, Future Mind was told the update was rejected because "Your app uses a VPN profile or root certificate to block ads or other content in a third-party app, which is not allowed on the App Store."
Koperski was also informed that AdBlock violates section 4.2.1 of the App Store Review Guidelines, which states, "Apps should use APIs and frameworks for their intended purposes and should indicate that integration in their app description."Further, Apple specifically called out AdBlock's use of VPN profiles and root certificates to block content in a third-party app, a practice not allowed on the App Store, the report said.
It seems Apple is implementing the change as developers update existing apps, as a number of titles employing VPN-based content blocking techniques are still available for download. Presumably, new app submissions that leverage similar technology will also be denied.
The policy shift comes as Apple places heavy emphasis on its web browsing experience. At WWDC 2017 in June, the company announced new features set to debut in macOS High Sierra, including autoplay video ad blocking and intelligent tracking prevention, both of which aim to cut down on intrusive advertisements.
The supposed policy shift came to light in an interaction between Apple and developer Future Mind, which markets a number of apps including the VPN-based content blocker AdBlock.
According to MacRumors, Future Mind recently saw a submitted update for AdBlock, which has been on the App Store since 2014, rejected by Apple's App Review Board. The group told Future Mind CTO Tomasz Koperski that Apple is no longer allowing VPN/root certificate-based ad blockers to be sold through the App Store.
"After submitting an appeal to the App Review Board, a member of the Review Team contacted me directly via phone and informed that Apple has officially changed their policy regarding VPN/root certificate based ad blockers on the App Store and is no longer accepting updates of apps, which directly block content in third party apps," Koperski said. "The only officially allowed ad blocking method is now Safari Content Blockers."
4.2.1, which says "Apps should use APIs and frameworks for their intended purposes and should indicate that integration in their app description," and to get even more specific, Future Mind was told the update was rejected because "Your app uses a VPN profile or root certificate to block ads or other content in a third-party app, which is not allowed on the App Store."
Koperski was also informed that AdBlock violates section 4.2.1 of the App Store Review Guidelines, which states, "Apps should use APIs and frameworks for their intended purposes and should indicate that integration in their app description."Further, Apple specifically called out AdBlock's use of VPN profiles and root certificates to block content in a third-party app, a practice not allowed on the App Store, the report said.
It seems Apple is implementing the change as developers update existing apps, as a number of titles employing VPN-based content blocking techniques are still available for download. Presumably, new app submissions that leverage similar technology will also be denied.
The policy shift comes as Apple places heavy emphasis on its web browsing experience. At WWDC 2017 in June, the company announced new features set to debut in macOS High Sierra, including autoplay video ad blocking and intelligent tracking prevention, both of which aim to cut down on intrusive advertisements.
Comments
Much (if not all) of the app functionality will be built-in to Safari now. Besides, most of the ad blockers are scams, receiving kickbacks from advertisers that wish to be white listed.
Setting your unwarranted insult aside, it's equally as much about privacy as it is about sanity and calm. The content blocking in Safari is just that -- it's for Safari only. It won't allow me to control what various apps on my phone are doing, such as a calculator app or alarm clock app sending/receiving data from the internet when it has no business to, or apps that have trackers or other means of trying to monetize my usage. So pardon me, I'd like to think my disgust is rather justified.
Mentions privacy while going for an iPhone knockoff. Some people never learn.
VPN's work by creating an encrypted tunnel from your device to the VPN service's server where the data is then sent out and received normally. This gives the benefit of your local ISP not being able to track your activity as well as preventing anyone on the local network seeing what kind of data, even if it's encrypted with SSL, from seeing what you're doing, but you still have to trust your VPN provider.
I use PIA every time I'm using public WiFi because I trust them more than I trust whomever could be snagging my local data. With the direction things are going in the US I may start to use on my private WiFi to prevent my ISP from tracking my activity, too.
Reducing the number of open services on the device, or on the router is what I do all the time; they better have a damn good reason for being there and staying up.
VPN in itself relies on how confident you are in the endpoints, and if you think they're somehow compromised.
A compromised external device on a VPN that has access to an internal network would be a real bad security risk. That's why you often connected to an isolated segmented network first when connecting into a company (if they've done their mitigation work properly).
An ad blocker is not "a VPN app", just like a browser is not a VPN software either despite the fact you can run one inside it. That's not their primary function at all.
Been using VPN's since they first appeared in about 93 in Cisco routers and ran vpn tunnels over ssh by the late 90s. So, I'm quite familiar with them.. Thanks for the info though (sic).
Its bad security to keep ports/services open anywhere, especially with endpoints of dubious security.
Your giving access to your browser to those things; not something trivial at all; a possible entry vector for social engineering, getting a web workers running some bots or bitcoin mining or whatever, without any way really of monitoring this (except battery usage which many people don't look at).
I'm guessing you don't actually care about privacy or security either- all you care about is stripping away ads from free ad supported apps, in which ads are the only way the developer can support themselves, instead of actually paying a pittance to remove the ads legitimately. At the end of the day, 99% of Android users who vehemently champion "open" and bash iOS only do so because they're thieves and enjoy side-loading paid apps at no cost, not because they have any real principles. And you obviously fall within this category, seeing as how you want to have your cake (no ads ever in apps) and eat it too (you don't want to pay for anything). How is a developer supposed to support himself if they can't show a single ad, and you don't pay them a single cent? People like you is how the entire industry gets screwed and developers don't make a dime. So spare us your sanctimonious bullshit, because that's all it is.
https://techcrunch.com/2015/10/06/apple-approves-an-app-that-blocks-ads-in-native-apps-including-apple-news/
"When the VPN is enabled, traffic is then routed through Been Choice’s servers where it performs deep packet inspection on the content. It can then remove specific content – like ads – through pattern matching.
“While we inspect headers and the body, no user content is stored, and our filtering is done on the fly. This approach may be more familiar in its corporate form. For example, companies use deep packet inspection on their managed devices to ensure that sensitive information never leaves internal corporate networks,” explains Yoon.
This ability, the company claims, makes Been Choice the first to block ads in Facebook’s native iOS app. In addition, the app blocks ads in Pinterest, Pandora, Yahoo and the New York Times apps, among others. It also blocks sponsored posts, native ads, and pre-roll videos like those in news apps from CNN or CNBC, for example.
Surprisingly, Been Choice is also capable of blocking ads in Apple’s News app, as well.
Twitter, however, is not blocked because of its use of end-to-end encryption that makes it impossible to block ad traffic without blocking non-ad traffic."
This has the potential to be sending all data through a 3rd party server: every email you send, every photo/video you upload, every web page you visit. The company selling AdBlock says they don't route general traffic through their servers, just ad content:
http://nomobileads.com/privacy
It says here that they aren't using a VPN at all:
https://www.reddit.com/r/VPN/comments/5pdw00/is_an_ad_block_app_that_creates_a_vpn_profile/
That says they setup a fake VPN that routes ad content to it locally, which then fails to connect. That may be what Apple is talking about when it says the app isn't doing what it says. This would be equivalent to the hosts file on the Mac where you put in a set of ad domains and route them to 127.0.0.1 so they don't load.
Some of the VPN providers are routing your content through their servers, which is a privacy concern. Some of them aren't setting up a proper VPN. The latter is the better option as it does ad-blocking locally.
The functionality these apps provide should still be available, blocking them from the store will mean having to do a manual configuration of the VPN. The fake VPN setup would be done the following way:
https://nerd.one/vpn-on-demand-configuration-profiles-for-ios-and-macos-explained/
https://www.derman.com/blogs/Begin-Configuration-Profile-Setup
The on-demand VPN functionality wasn't intended to be used as an ad-blocker.
Apple will want to be supporting both their developers and their users here and they have conflicting interests. Developers and content publishers need to use ads to support themselves in some cases, user hate seeing ads and want them all blocked. Most of the ads people will see are browser ads so the Safari content blockers will suffice for most users. For in-app ads, that's up to the developer, if the ads are annoying then users can tell the developer to either remove them or offer a paid option.
A hosts file equivalent on iOS would be useful for permanently blocking bad hosts like MacKeeper and similar.
Maybe Apple can make a feature where people can subscribe to a system-level ad-blocker for say $0.99/month and it blocks all ads in all apps. Then whenever it detects a blocked ad, part of the subscription revenue goes to that developer. An ad view is only worth about 0.1c so $0.99/month covers nearly 1000 ad views/month. The developers might actually make more money that way. Alternatively, this can just be an alternative to ads and instead be a store-wide subscription. Rather than $0.99 per app, it would be $0.99/month ($9.99/year) for all apps that are in the program. If you aren't in the subscription, it wouldn't necessarily mean you don't get the app but it can be time-limited or have some other restrictions unless subscribed and this subscription can work across Apple News, Music etc.
not to mention how much of a potential battery suck age those things would potentially be.
This applies to Samsung Galaxy phones?