Apple to pull hundreds of iPhone apps that are illegally collecting personal data

Apple is to remove at least 256 apps from its iOS App store after security analysts found they were secretly gathering iPhone owner's unique serial numbers, email addresses and other personal information.

Security analytics startup SourceDNA told Ars Technica that it is the first time it has found apps live in the App Store that are violating user privacy by pulling data from private APIs. The situation represents a significant issue for Apple which usually operates a tight vetting process and a strict privacy policy regarding personal data collection.

Chinese mobile ad provider Youmi developed the software for the apps in question and SourceDNA estimates that a million people, mostly in China, have downloaded the apps in total.

In response the findings Apple released the following statement: "We’ve identified a group of apps that are using a third-party advertising SDK, developed by Youmi, a mobile advertising provider, that uses private APIs to gather private information, such as user email addresses and device identifiers, and route data to its company server.

"This is a violation of our security and privacy guidelines. The apps using Youmi’s SDK will be removed from the App Store and any new apps submitted to the App Store using this SDK will be rejected. We are working closely with developers to help them get updated versions of their apps that are safe for customers and in compliance with our guidelines back in the App Store quickly.”

The discovery comes just a week after Apple removed several apps that had the ability to spy on encrypted traffic.

Get The Drum Newsletter

Build your marketing knowledge by choosing from daily news bulletins or a weekly special.