Apple’s ability to maintain control of its large community of app developers to protect iPhone owners’ privacy has been challenged by another widespread violation of its security rules.  

The company removed hundreds of apps from its App Store on Monday after security researchers discovered that they were all using the same technique to collect personal information including users’ email addresses and device serial numbers.

The apps that eluded Apple’s reviewers — who vet every new app before allowing them into the store — were all developed using a software kit from Youmi, a Chinese advertising company. Data were sent from the apps back to Youmi’s servers, where they could have been used for intrusive targeting of ads. 

“This is the first time we’ve seen iOS apps successfully bypass the app review process,” said researchers at SourceDNA, who uncovered the issue. SourceDNA found 256 affected apps, mainly developed in China, that had been downloaded an estimated 1m times, it said in a blogpost. 

Apple said developers using Youmi’s development kit were in “violation of our security and privacy guidelines”. 

“The apps using Youmi’s SDK [software development kit] will be removed from the App Store and any new apps submitted to the App Store using this SDK will be rejected,” Apple said on Monday. “We are working closely with developers to help them get updated versions of their apps that are safe for customers and in compliance with our guidelines back in the App Store quickly.” 

The incident marks the second time in a month that Chinese technology has been used to threaten Apple customers’ personal data, despite the company’s promises to clamp down on privacy violations. 

Apple’s tight control of apps has long been seen as a competitive advantage, ensuring a consistent user experience as well as being more secure. Smartphones running Google’s Android — which does not have such a strict review process for third-party apps — have often been criticised by security researchers for its vulnerability. 

But it is possible that developers were able to insert the Youmi code into their apps directly, without having to go through the App Store review process. 

“Obviously, iOS is still massively more secure than Android, but its reputation for being essentially impervious to malware is starting to show the first small signs of slipping,” Mr Dawson said.