Android warning: Over 1,000 apps found to harvest your data without permission

If you have an Android smartphone, you might want to check which apps you have installed on the device.

A worrying new study has revealed that more than 1,000 Android apps harvest your data, even if you’ve explicitly told them not to.

Researchers from the International Computer Science Institute (ICSI) tested 88,000 apps from the US Google Play Store, and found that 1,325 were harvesting user data that they shouldn’t have.

Worryingly, the guilty apps included some very popular options, including Samsung Health, Samsung’s Browser and Disney’s Hong Kong Disneyland park app.

The researchers discovered that there wasn’t just one tactic used - there were actually over 50 different methods used to access user data, including via emails, phone numbers, geolocation and device-identifying IMEI numbers.

One of the sneakiest tactics involved using picture metadata to discover specific location information, even if users hadn’t granted the app location permissions.

Meanwhile other apps used ‘covert channels’ to access user data.

In their study , the researchers, led by Joel Reardon, explained: “Covert channels enable communication between two colluding apps so that one app can share its permission protected data with another app lacking those permissions.”

Overall, the researchers believe that the data harvesting could have affected ‘hundreds of millions’ of Android users.

They added: “By uncovering these practices and making our data public, we hope to provide suffcient data and tools for regulators to bring enforcement actions, industry to identify and fix problems before releasing apps, and allow consumers to make informed decisions about the apps that they use.”

The researchers have reported their findings to Google.