Some of the most popular smartphone apps have been downloaded by hundreds of millions of people.
But experts have warned that some of these seemingly harmless apps are in fact requesting ‘shocking’ levels of access to your personal data.
An investigation by Which? found that 20 popular apps, including Ali Express, Facebook and WhatsApp, ask for ‘risky’ permissions such as access to your location, microphone, or files on your device.
This is despite the apps not needing access to this information to function – which means users could be compromising their privacy when rapidly tapping ‘agree’ to any permission requests which pop up.
While most of the apps they looked into are free to download and use, Which? editor Harry Rose warned that ‘users are paying with their data’.
He added: ‘Millions of us rely on apps each day to help with everything from keeping on top of our health and fitness to doing online shopping.
‘While many of these apps appear to be free to use, our research has shown how users are in fact paying with their data – often in scarily vast quantities.
‘Our research underscores why it’s so important to check what you’re agreeing to when you download a new app.’
The worst offender was Chinese app Xiaomi Home, which asked for 91 permissions, five of which described as ‘risky’.
Risky permissions include those that access your microphone, can read files on your device, or see your precise location – which mean businesses can target users with ‘uncannily’ accurate adverts.
Samsung’s Smart Things app asked for 82 permissions (of which eight are risky), followed by Facebook (69 permissions, six risky) and WhatsApp (66 permissions, six risky).
In some cases there are clear uses for risky permissions – for example, WhatsApp may need microphone access to allow for voice notes and audio calls.
But in others, the need for these risky permissions was less clear cut. Four of the apps (AliExpress, Facebook, WhatsApp and Strava) requested permission to see what other apps have been recently used or are currently running.
Meta (Facebook, WhatsApp and Instagram)
All apps require some data to set up an account – usually an email address.
However, Which? found Facebook appeared to request the most data to set up an account, requiring the user’s first and last name, birthday, and gender.
In response to the research, Meta said none of its apps ‘run the microphone in the background or have any access to it with user involvement’.
It said that users must ‘explicitly approve’ in their operating system for the app to access the microphone for the first time.
Samsung (Smart Things)
A spokesperson for Samsung said: ‘At Samsung, we recognise the importance of privacy and data protection.
‘All our apps, including SmartThings, are designed to comply with UK data protection laws and relevant guidance from the Information Commissioner’s Office (ICO).
‘Our phones come equipped with Google’s Android operating system, which by default helps protect users by giving them control over what data apps can access.
‘We fully comply with Google’s operating system policies, including SmartThings. SmartThings only uses the permissions needed for the app to function properly and deliver the best possible user experience.’
How to make sure apps aren’t accessing your data without permission
Which? recommends a few ways to increase your privacy when using apps, including:
- Limit or revoke permissions in the Apps and Permissions section of your device’s settings. You can limit or revoke permissions app by app – but revoking entirely could block some app features
- Use the app settings to check what additional privacy controls are included in the app. You may be able to limit data tracking, revoke some consents, and lock down your account to some data sharing
- Delete the app if you aren’t sure about it – and make sure all your account data is deleted too. If you no longer use an app, delete it and stop giving them access to your data
- Check privacy information on the App Store or Google Play, which will list all the permissions each app will request
- Read the privacy policy – or if you don’t want to read the entire thing, just take a look at the data collection and sharing section
Get in touch with our news team by emailing us at webnews@metro.co.uk.
For more stories like this, check our news page.
