Android users have been cautioned by cybersecurity professionals about apps that may be spying on them.
In a recent study by Which? and Hexiosec, 20 widely-used apps from social media, e-commerce, fitness, and smart home sectors were closely examined to identify which apps demand the most data.
The apps examined included WhatsApp, Facebook, TikTok, Instagram, Amazon, AliExpress, Ring Doorbell, and Strava, which collectively have over 28 billion downloads worldwide.
Harry Rose, the editor of Which?, stated: “Millions of us rely on apps each day to help with everything from keeping on top of our health and fitness to doing online shopping.”
“While many of these apps appear to be free to use, our research has shown how users are in fact paying with their data – often in scarily vast quantities.”
The study found that every app requests permission for ‘risky’ activities, often unnecessarily, indicating users need to be more cautious about what they consent to.
The investigation highlighted that the Xiaomi Home app from China, which transmits data back to its home country, requested the most permissions, totaling 91.
Among these, five were considered risky, including accessing microphones and location data, which can result in highly targeted advertisements.
Samsung’s Smart Things required 82 permissions, while Facebook asked for 69, and WhatsApp slightly fewer at 66.
Experts revealed that Temu is especially keen on sending marketing emails, and in the realm of social media, TikTok requests permission to record audio and access device files.
It was noted that 16 of the 20 apps sought the ability to create pop-ups over other applications, even for users who opted out of notifications.
Some permission requests, such as microphone access for WhatsApp and Ring Doorbell, are justifiable due to their intended functions.
“Our research underscores why it’s so important to check what you’re agreeing to when you download a new app,” reiterated the Which? editor.
In response, a Meta spokesperson (representing WhatsApp, Facebook, and Instagram) clarified to the publication that its apps do not access the microphone without user involvement.
TikTok emphasized that privacy and security are integral to all their products, noting that the platform collects data users provide and data necessary for app functionality, security, and user experience.
Temu stated that location permissions help complete an address using GPS data.
“Temu handles user data in accordance with local and international regulations and in line with leading industry practices. We remain fully committed to meeting UK regulatory requirements and to continuously improving transparency and user choice,” they added.
Amazon responded by stating that permissions are necessary for features like using the camera to visualize products or using text-to-speech for searching items.
Samsung affirmed: “We recognize the importance of privacy and data protection. All our apps, including SmartThings, are designed to comply with UK data protection laws and relevant guidance from the Information Commissioner’s Office (ICO). Our phones come equipped with Google’s Android operating system, which by default helps protect users by giving them control over what data apps can access.
“We fully comply with Google’s operating system policies, including SmartThings. SmartThings only uses the permissions needed for the app to function properly and deliver the best possible user experience.”
UNILAD has reached out to Strava, TikTok, WhatsApp, and Meta for further comment.