An issue at Apple appears to be resulting in app developers getting emails of ad spend and install summaries for apps belonging to other developers.
The issue — which appears specific right now to developers using Search Ads Basic, ads that appear as promoted apps when people search on the App Store — was raised on Twitter by a number of those affected, including prominent developer Steve Troughton-Smith, who posted a screenshot of an email that summarized January’s ad spend and install data another developer’s two apps. Several others replied noting the same issue, listing more developers and random apps.
We have contacted a few of them and two, Louis D’hauwe and Rafael Costa, confirmed that the mis-sent email appears to be the only issue right now. We have also contacted Apple and will update this post as and when Apple responds.
It isn’t clear just how many are being affected — or why — but the incidents are numerous enough for the problem to be visible on Twitter. By extension of that, the issue could expose the private data belonging to a sizable number of businesses and developers whose use Apple’s App Store ad products.
This isn’t the first developer privacy snafu in recent times. Back in 2015, a number of developers logging into Apple’s iTunes Connect portal found themselves presented with accounts and data belonging to other users.
But again, in this instance, developers who received the rogue emails tell TechCrunch that both Apple’s iTunes Connect and Developer Portal services functioned as usual. In other words, despite being emailed someone else’s information, they were not able to log into the third party’s account.
That obviously avoids a very major data leak, but even still the erroneously sent emails are releasing confidential information about apps, such as how much money they are spending on apps and how that’s translating into downloads, that developers might prefer not to share.
We’ve contacted Apple to get an idea of what is going on here, and how many developers/accounts have been affected. We’ll update this post as and when we know more.