Cybersecurity experts have issued an urgent warning to Android owners regarding the apps that spy on them.
In a new investigation conducted by Which? in collaboration with Hexiosec, 20 popular applications from the arena of social media, online shopping, fitness, and smart home were put under the microscope to determine which are the most 'data hungry'.
This included WhatsApp, Facebook, TikTok, Instagram, Amazon, AliExpress, Ring Doorbell and Strava, which combined, have reportedly been downloaded more than 28 billion times globally.
Editor of Which?, Harry Rose, commented: "Millions of us rely on apps each day to help with everything from keeping on top of our health and fitness to doing online shopping.
Advert
"While many of these apps appear to be free to use, our research has shown how users are in fact paying with their data – often in scarily vast quantities."
This research revealed that all of the apps request 'risky' permissions, and unnecessarily so, therefore people need to be more wary of what they're agreeing to.
For starters, the investigation discovered that the Chinese app Xiaomi Home, which sends data directly to its native country, asked for more permissions than any other, totalling 91.
Five of them were deemed risky, including access to microphones and locations, which can lead to 'uncannily accurate adverts' thrown in users' faces.
82 permissions came via Samsung's Smart Things, while Facebook asked for 69 and messaging favourite WhatApp wanted just three less.
Temu was particularly big on pushing marketing emails, the experts revealed, while elsewhere in the social media sphere, TikTok asked for the ability to record audio and even view files on devices.
It was found that 16 out of the 20 apps hoped to create windows on top of other apps, which would create pop-ups even if you've opted out of notifications.
For context, some of the risky permission requests are quite logical, with WhatsApp and Ring Doorbell's microphone access correlating with some of their functionality.
"Our research underscores why it’s so important to check what you’re agreeing to when you download a new app," the Which? editor reiterated.
In response, a Meta (which owns WhatsApp, Facebook and Instagram) spokesperson told the publication that none of its apps 'run the microphone in the background or have any access to it with user involvement’.
TikTok said that privacy and security are 'built into every product' it puts on the market, while also pointing out how TikTok 'collects information that users choose to provide, along with data that supports things like app functionality, security, and overall user experience'.
Temu, meanwhile, claimed that exact location permissions are used to 'support completing an address based on GPS location'.
"Temu handles user data in accordance with local and international regulations and in line with leading industry practices. We remain fully committed to meeting UK regulatory requirements and to continuously improving transparency and user choice," they added.
In a statement, Amazon argued that permissions are used to provide 'helpful features', like the 'ability to visualise products in their home with their device's camera or search for products using text-to-speech'.
Samsung went on to state: "We recognise the importance of privacy and data protection. All our apps, including SmartThings, are designed to comply with UK data protection laws and relevant guidance from the Information Commissioner's Office (ICO). Our phones come equipped with Google's Android operating system, which by default helps protect users by giving them control over what data apps can access.
"We fully comply with Google's operating system policies, including SmartThings. SmartThings only uses the permissions needed for the app to function properly and deliver the best possible user experience."
UNILAD has contacted Strava, TikTok, WhatsApp, and Meta for comment.
Topics: Technology
Dan Seddon