MacRumors reports that Apple has pledged to remove 256 apps that analytics firm SourceDNA has discovered to be collecting personally identifiable user information such as Apple ID email addresses via Chinese third-party SDK Youmi, which is already prohibited in Apple Store guidelines.
SourceDNA found the 256 affected apps via its developer tool Searchlight; they represent over 1 million downloads, all of which were violating user privacy. According to SourceDNA most of the developers are based in China, and because the tool kit is delivered in binary, they might not even have known of the privacy issue.
The personal data, such as lists of all apps on the phone, and email addresses associated with the Apple ID of the user, is gathered via private APIs before being routed via Youmi’s servers in China.
Apple has acted on the information that SourceDNA has forwarded to it, and issued the following statement:
Source: Apple Removes Over 250 iOS Apps With Ad SDK That Collects Personal User Data