Skip to main content

Over 1,000 Android apps are collecting user data without permission

When you grant an app permission to access certain data, you probably expect that denying access means that the app simply can’t access the data. Turns out, that may not be altogether true. According to a new report, over 1,000 apps have found ways to bypass those restrictions, essentially allowing them to gather data without the user knowing.

The academic study, which was published on the FTC website, shows that 1,325 of the 88,000 apps that were studied collected such information as geolocation data and phone identifiers, even if the apps weren’t given the permission to do so. There are some pretty popular apps on the list, too — including the Shutterfly app. Baidu was also collecting data through its mapping service — meaning that apps like the Hong Kong Disneyland app, which use Baidu’s mapping service, have been collecting data without permission. Other apps like the Samsung Health and Samsung Browser app also used Baidu back-end and collected data, resulting in other Baidu apps being able to read that data.

Shutterfly, for its part, denies any wrongdoing.

Recommended Videos

“Like many photo services, Shutterfly uses this data to enhance the user experience with features such as categorization and personalized product suggestions, all in accordance with Shutterfly’s privacy policy as well as the Android developer agreement,” said the company in a statement to CNET.

Please enable Javascript to view this content

Some apps used more nefarious methods than others. For example, around 13 of the apps researched piggybacked off of other apps to get access to user data. These apps, which were installed over 17 million times, could read through files that were unprotected, and included the Hong Kong Disneyland app.

So what can be done to prevent these apps from collecting this data? Considering the fact that permissions are supposed to be how we control what data apps can collect, not much. The researchers in the report note that they’ve alerted Google to the issue and that Google has said that it should be fixed in Android Q, which is set to be released later this year. Even with such a fix, there are a ton of phones that won’t get access to Android Q, leaving users vulnerable to having their data collected without their permission. Apart from the fact that the apps in question shouldn’t be collecting data like this, Google should also upgrade how permissions work for all users, even those with older handsets.

Christian de Looper
Christian de Looper is a long-time freelance writer who has covered every facet of the consumer tech and electric vehicle…
Google is making it easier for you to find and download Android apps
Google Play on the Oppo Find N2.

Google announced a wide range of features for Android phones at the I/O 2024 developers conference earlier today. However, the event was not all about user-facing changes. The company also revealed a handful of new tricks for developers to showcase their apps effectively while maintaining a vigilant eye on safety.

Among the most important changes -- one that is also going to make life easier for users - is support for more payment options. The most notable of these is support for installment subscriptions, which has already yielded positive results for developers in the early access phase.

Read more
The 1Password Android app just got a huge upgrade
The 1Password Android app, side-by-side, showing the light and dark mode.

The 1Password password manager app for Android has just gotten a huge new update, which unlocks the use of passkeys through its app. Held by many as the future of secure authentication, passkeys are the next evolution of the password, and from today, you'll be able to use 1Password to create, manage, and unlock your accounts that use passkey authentication.

1Password is one of the world's most popular password managers, with over 700,000 passwords saved. But it clearly sees that the future is elsewhere, as it has been leading the charge on taking passkeys into the mainstream.

Read more
Google is launching a powerful new AI app for your Android phone
Google Gemini app on Android.

Remember Bard, Google’s answer to ChatGPT? Well, it is now officially called Gemini. Also, all those fancy AI features that previously went by the name Duet AI have been folded under the Gemini branding. In case you haven’t been following up all the AI development flood, the name is derived from the multi-modal large language model of the same name.

To go with the renaming efforts, Google has launched a standalone Gemini app on Android. Moreover, the Gemini experience is also being made available to iPhone users within the Google app on iOS. But wait, there’s more.

Read more