Privacy, Government, Surveillance, and You.

Apple has removed hundreds of apps from the iTunes App Store that secretly collected personal information from anyone who downloaded them. Most of the 256 affected apps were made in China, but they were available worldwide on the app store and were downloaded 1 million times, according to app analytics service Source DNA, which first discovered the problem.

The apps' creators used a software development kit from a Chinese advertising company called Youmi, which allowed the developers to put ads in their apps. That's kosher. But Youmi's software gathered information about the people who downloaded the apps, including their email addresses and iPhone serial numbers — sending all that data to Youmi's servers. That skirted Apple's strict privacy guidelines for app developers. And the way Youmi designed the software hid that fact from the developers and Apple's iTunes App Store gatekeepers.

Source DNA did not say which apps were affected. The company told Apple about the problem on Sunday, and Apple removed the apps on Monday. "This is a violation of our security and privacy guidelines," Apple said in a statement. "The apps using Youmi's SDK will be removed from the App Store and any new apps submitted to the App Store using this SDK will be rejected." Anyone who already downloaded the apps will still be able to use them but the apps won't be updated.

The data collection does not appear to be the developers' fault, since Youmi was disguising the fact that its software was sending that data to its servers. Apple said it is working with the app developers to update their apps, ensuring they are safe for customers and in compliance with the app store's guidelines. The apps are banned from the store until they are fixed.

This is the third big lapse in Apple's typically tight app store security in the past month. Last week, Apple banned a group of apps that were able to peek into encrypted communications between the iPhones they were installed on and the servers the phones communicated with. In late September, the app store suffered a major attack, forcing Apple to remove dozens of popular apps that had been infected by malware. The malicious apps were capable of duping customers into giving up their iCloud passwords and opening dangerous websites.

Police are investigating a "significant and sustained cyber-attack" on the TalkTalk website, the UK company says. The phone and broadband provider, which has over four million UK customers, said banking details and personal information could have been accessed. TalkTalk said potentially all customers could be affected but it was too early to know what data had been stolen.

The Metropolitan Police said no-one had been arrested over Wednesday's attack but enquiries were ongoing. TalkTalk said in a statement that a criminal investigation had been launched on Thursday.

It said there was a chance that some of the following customer data, not all of which was encrypted, had been accessed:

• Names and addresses
• Dates of birth
• Email addresses
• Telephone numbers
• TalkTalk account information
• Credit card and bank details

In the wake of the news, the company's share price dropped by 10% in the first few hours after the London stock exchange opened at 08:00 BST.

Cyber security consultant and former Scotland Yard detective Adrian Culley told BBC Radio 4's Today programme that a Russian Islamist group had posted online to claim responsibility for the attacks. He said hackers claiming to be a cyber-jihadi group had posted data which appeared to be TalkTalk customers' private information - although he stressed their claim was yet to be verified or investigated.

Dido Harding, chief executive of the TalkTalk group, told BBC News the authorities were investigating and she could not comment on the claims.

However, customers have expressed their frustration with what is the third cyber-attack to affect TalkTalk over the past 12 months.

The head of Talk Talk says she has had an email demanding a ransom from a group purporting to be behind the cyber-attack suffered by the company. Chief executive Dido Harding said she did not know whether the ransom email was genuine.

The phone and broadband provider said personal and banking details of up to four million customers may have been accessed in the "significant" attack. The Met Police said the email was "forming part of its investigations".

"It is hard for me to give you very much detail, but yes, we have been contacted by, I don't know whether it is an individual or a group, purporting to be the hacker," Ms Harding told the BBC's business editor Kamal Ahmed. "All I can say is that I had personally received a contact from someone purporting - as I say I don't know whether they are or are not - to be the hacker looking for money."

The BBC's security correspondent Gordon Corera said government sources had told him they currently viewed the Talk Talk incident as cybercrime, rather than anything relating to national security.

Police are to get the power to view the web browsing history of everyone in the country. Home Secretary Theresa May will announce the plans when she introduces the Government's new surveillance bill in the House of Commons on Wednesday. The Telegraph understands the new powers for the police will form part of the new bill.

It would make it a legal requirement for communications companies to retain all the web browsing history of customers for 12 months in case the spy agencies or police need to access them. Police would be able to access specific web addresses visited by customers.

The new powers would allow the police to seize details of the website and searches being made by people they wanted to investigate. They will still need to apply for judicial approval to be able to access the content of the websites.

The European Parliament is set to vote on Tuesday on new rules that could see teenagers banned from internet services such as Facebook, social media, messaging services or anything that processes their data, without explicit consent from their parent or guardian.

The last-minute amendment to the new European data protection regulations would make it illegal for companies to handle the data of anyone aged 15 or younger, raising the legal age of digital consent to 16 from 13.

Companies wishing to allow those under 16 to use their services, including Facebook, Snapchat, Whatsapp and Instagram, will have to gain explicit consent from their legal guardian.

The draft law states: “The processing of personal data of a child below the age of 16 years shall only be lawful if and to the extent that such consent is given or authorised by the holder of parental responsibility over the child.”

Companies such as Facebook currently allow users from the age of 13 to join their services. Their policies are based on the age of digital consent being 13, as defined by the US Children’s Online Privacy Protection Act (Coppa) and similar laws in the EU, which afford those under 13 extra privacy protections.

Until recently, the draft European data protection bill, which is four years in the making, set the digital age of consent at 13, mirroring Coppa.

The changes would legally stop teenagers from accessing social media, among other internet services, unless a parent or guardian consents, but it will likely not stop them from accessing the services.

Facebook required users to be 17 or older before 2006, when it was opened up to the public, but that did not stop teenagers from signing up. Most social media accounts request dates of birth on setting up accounts, but have no way to verify the information.

Unlike those adults signing up to over-18 services, such as adult entertainment sites, which often use a credit card as part of age verification, teenagers under 17 do not have verifiable age-based identification.

For the technology companies the biggest issue with the new rules would be policing them. Stopping teenagers under 16 from accessing messaging, social media and other sites would be very difficult. European legislators are no doubt under intense lobbying pressure to remove the age of consent change from the draft.

US technology firms, including Facebook and Google, have faced an increasingly tough European landscape over the recent years, coming under intense scrutiny over privacy and taxation practices.

The new pan-European data protection bill is the result of this changing attitude to data privacy, and follows recent action by the European Court of Justice to block the transfer of European citizens’ data to the US under Safe Harbour rules.