An issue at Apple appears to be resulting in app developers getting emails of ad spend and install summaries for apps belonging to other developers.
The issue — which appears specific right now to developers using Search Ads Basic, pay-per-install ads that appear as promoted apps when people search on the App Store — was raised on Twitter by a number of those affected, including prominent developer Steve Troughton-Smith, who posted a screenshot of an email that summarized January’s ad spend and install data another developer’s two apps. Several others replied noting the same issue, listing more developers and random apps.
We have contacted a few of them and two, Louis D’hauwe and Rafael Costa, confirmed that the mis-sent email appears to be the only issue right now. We have also contacted Apple and will update this post as and when Apple responds.
Search Ads Basic is an ad format that Apple only launched in December as a pay-per-install ad format that sits alongside its other, older search ad product, which is now called Search Ads Advanced.
The newer Basic format is aimed at smaller developers and those just getting started with app store advertising. Developers using the Advanced option pay per tap on their ads and have a wider range of options when targeting their ads; those opting for Basic only pay per install and have a more limited set of parameters. Installs from both help formats apps move up the app store rankings as Apple considers them “high quality” downloads.
It isn’t clear just how many are being affected by the email glitch — or why — but the incidents are numerous enough for the problem to be visible on Twitter. By extension of that, the issue could expose the private data belonging to a sizable number of businesses and developers whose use Apple’s App Store ad products.
This isn’t the first developer privacy snafu in recent times. Back in 2015, a number of developers logging into Apple’s iTunes Connect portal found themselves presented with accounts and data belonging to other users.
But again, in this instance, developers who received the rogue emails tell TechCrunch that both Apple’s iTunes Connect and Developer Portal services functioned as usual. In other words, despite being emailed someone else’s information, they were not able to log into the third party’s account.
That obviously avoids a very major data leak, but even still the erroneously sent emails are releasing confidential information about apps, such as how much money they are spending on apps and how that’s translating into downloads, that developers might prefer not to share.
We’ve contacted Apple to get an idea of what is going on here, and how many developers/accounts have been affected. We’ll update this post as and when we know more.