Chinese mobile advertising company Youmi has beaten a swift retreat and issued an apologetic release over its mining of private user data from Apple’s App Store.
Apple has banned hundred of apps because they were secretly collecting users’ personal data including email addresses and device information.
The 256 apps in question were all using third-party advertising software from Youmi. The company’s software development kit (SDK) was collecting the information from app users without their or Apple’s knowledge.
The affected apps were almost all China based, a country in which Apple has struggled to recreate its global success.
Privacy and tech snooping is a significant issue in China and one its private sector is working hard to combat, following several scandals in the recent past.
The App Store breach, first reported by Ars Technica, was brought to Apple’s attention by data security firm SourceDNA. It told Technica that the data collecting was most likely occurring without even the app developers’ knowledge.
In a statement, Youmi looked to immediately address any reputational fallout with a contrite apology.
The agency said it sincerely apologised for the incident and is "urgently implementing remedial measures". It also recommended a quick course of action to app developers whose products have been banned by Apple.
"For products/apps rejected by the App Store, please quickly remove the SDK first and submit to Apple to be once again in the store," the statement advised.
"Youmi is actively communicating with Apple and hope to be able to solve the matter asap. After things have been properly resolved, we will give reasonable compensation. Once again, we express deep regret to affected developers."
Apple issued a statement confirming the breach.
"We’ve identified a group of apps that are using a third-party advertising SDK, developed by Youmi, a mobile advertising provider, that uses private APIs to gather private information, such as user email addresses and device identifiers, and route data to its company server," Apple said.
"This is a violation of our security and privacy guidelines. The apps using Youmi’s SDK will be removed from the App Store and any new apps submitted to the App Store using this SDK will be rejected."
Apple has a strict policy regarding data collection, and analysts at SourceDNA told Ars Technica that Apple should definitely have caught this breach itself.
Raj Seth, founder of Ronin Communications in Hong Kong, said: "The app economy has become massive and unwieldy. To put in this perspective, 180 billion global app downloads are expected in 2015.
"Apple's platform is one of many across both enterprise and consumer users. Technology is also rapidly entering a new phase. The current way of handling issues management is not keeping up with this accelerated pace. Now is the time to look again at PR policies and approaches."