Some iOS apps revealed to be gathering private user information
Security analytics startup SourceDNA reports that, by recent count, there are 256 iOS apps that bypass Apple's App Store review process, gathering personal information like email addresses and serial numbers.
On its blog, the company writes that "this is the first time" its researchers have seen iOS apps that skirt Apple's review process for admitting apps into the store. SourceDNA did not release a list of which apps were affected, but estimated that the apps in question have been downloaded about one million times.
This data collected from these apps is even unknown to the developers of the specific apps. The user information is being gathered software tools that app makers use to deliver ads.
Apple issued a statement regarding the security risk stating that a software development kit (SDK) from mobile advertising provider Youmi used private APIs - toolsets for building software applications - to collect the personal information.
"This is a violation of our security and privacy guidelines," Apple said in the statement. "The apps using Youmi's SDK have been removed from the App Store and any new apps submitted to the App Store using this SDK will be rejected."
Apple will work with developers on updated versions of their apps that are safe for customers. These versions will be in keeping with the App Store guidelines and will be "back in the App Store quickly," according to the statement.
SourceDNA found that the personal data collection occurred gradually over the past year, Ars Technica reported.
This current privacy concern comes after 39 apps from developers in China were reported to be infected with malware that compromised consumers' personal information.