A new study from online security firm Bitdefender has revealed thousands of popular Androud apps are being used by unscrupulous advertisers to collect and upload user information to third party servers. Some apps were even found to access users' browsing history and photos.
App picture from Shutterstock
For its large scale study, Bitdefender analysed 130,000 popular free Android apps for signs of user privacy breaches. It found that nearly 13 percent of the apps collected and broadcasted users’ phone numbers without explicit notification
A similar number of apps were also found to access and distribute location data, while 7.72 per cent accessed and distributed personal email addresses. Around 6 per cent of analysed apps also accessed browsing history, while a handful even accessed personal photos.
"While some apps may legitimately require access to such data, others access it without the app explicitly needing it to perform adequately," Bitdefender said in a statement.
Texas Poker by KamaGames and Paradise Island by Game Insight International were specifically singled out in the report for uploading users' phone numbers to third parties without their permission. (Both apps have since been updated to meet proper user privacy guidelines.)
[UPDATE: BitDefender has since been contacted by several app developers about its findings and wanted us to provide the following statement: "In the interest of thoroughness of research, we have agreed to re-conduct the tests and expect to finish this new round by approximately May 28. We will communicate the results of the tests immediately after their conclusion."]
“The thin line between aggressive advertisers and malware is getting blurrier,” Bitdefender Chief Security Strategist Catalin Cosoi said in a statement.
“While malware may steal passwords and other credentials, aggressive advertisers may collect everything else. Although violating user privacy raises serious concerns, the risk of having collected data used for malicious purposes is greater than most people imagine.”
This shouldn't come as too much of a surprise really; it's one of the main caveats of an open source operating system. The moral of the story is to always check the T&Cs and privacy policies of every app you purchase and do some online homework before blindly downloading the latest free app.