Over 250 App Store apps that could look at what people were doing with their phones have been removed by Apple, after they were discovered to have been using software from an advertising company that secretly stole users’ personal information.

The apps used a special piece of software that allowed them to harvest users’ email addresses, serial numbers and to get a full collection of what apps people had installed on their phone. Apple took action soon after the problem was discovered.

Apple has a range of app review processes, which are supposed to vet new software before it gets into the store to ensure that it is not malicious. But the apps appear to have found a way around that.

The software was made by Chinese advertising firm Youmi. It used special techniques to get around Apple’s rules and review process, according to SourceDNA, which found the bug.

App makers probably didn’t know that the Youmi software was stealing their information, according to SourceDNA. Apple said that it would work with developers to help them have the software removed and get their apps back up on the store.

“We’ve identified a group of apps that are using a third-party advertising SDK, developed by Youmi, a mobile advertising provider, that uses private APIs to gather private information, such as user email addresses and device identifiers, and route data to its company server,” Apple told The Verge.

iPhone app store attacked