Internet security company Bitdefender warned that a “large number” of iOS apps send unencrypted data and track unique device IDs (UDID).

The company noted that “although many apps legitimately access services such as social networking and location tracking, developers also have access to a significant amount of personal data that can easily be accessed and collected”.

It was also noted that while apps may perform exactly as a user expects, this does not necessarily mean that all privacy concerns are addressed.

Catalin Cosoi, chief security researcher at Bitdefender, said: “[Developers] are not to blame if users connect to unsecure Wi-Fi networks or use the same login credentials on all their accounts. From a technical point of view, apps behave as they should, but users need to be aware that developers might not always take the proper measures to secure users’ privacy”.

The company identified lead management app Leads 360 as an example of an app with a security weakness.

The app sends a user’s password as soon as it is typed, without encryption. It was said that “this is worrying, as this is a lead management app that one would expect to have tighter security measures”.

It was also noted that “featuring high user ratings in Apple’s App Store, users seem to be satisfied with its overall performance although they remain unaware of the risks they are exposing themselves to”.

The company gave the example of Mountainbike Lite, an app with a similar security weakness that was addressed in an update.

“Such actions are commendable as developers become aware of the security gaps in their apps and work to fix them”, Bitdefender said.

An earlier study by Bitdefender identified that a large number of apps access user information that is not core to their functionality, including user address books and location information.