In a report from TechCrunch, Apple has removed several iOS ad blockers for installing root certificates. One of those ad blockers is Been Choice which basically allows the blocking of ads within apps (iOS ad blockers only blocks ads on Safari). This sounds great, but unfortunately in the process it has left iOS devices open to man-the-the-middle attacks.
For those unfamiliar with the root certificate, basically it allows the developers access to your encrypted traffic. For the most part it does not seem like they use it for nefarious purposes, more like to remove the ads before sending it back to you, but in the process and because the information is being passed through an external server, it has the potential of being read by a third-party.
In a statement released by Apple, “Apple is deeply committed to protecting customer privacy and security. We’ve removed a few apps from the App Store that install root certificates which enable the monitoring of customer network data that can in turn be used to compromise SSL/TLS security solutions. We are working closely with these developers to quickly get their apps back on the App Store, while ensuring customer privacy and security is not at risk.”
In the meantime if you have apps like Been Choice installed, maybe you should consider removing from your phone for now, at least until it has been patched.