Researchers find out that there are more than fifty ways that allow these apps can to gather precise geolocation data and phone identifiers behind your back.
Researchers also found that some apps were piggybacking off of permissions granted to other apps on a user's device. And if you set app permissions to prevent it from accessing personal data, the app can still access the data obtained by another app that has it in shared storage.
In the case of Android apps, researchers at the International Computer Science Institute found at least 1,300 apps from a pool of 88,000 studied that have no less than 50 ways to circumvent what you didn't consent to on the Permissions screen.
It is further suggested that many apps that use SDKs built by Baidu and Salmonads use the covert channel communication path to access the user's IMEI number without his or her permission.
These apps were apparently getting the information via unprotected files on a device's SD card and collected data that the user originally denied to them.More news: Serena Williams fined €8900 for damaging Wimbledon court
More news: Rafael Nadal leads charge of old brigade into Wimbledon quarter-finals
More news: Mariah Carey Hilariously Wins the Bottle Cap Challenge
While the researchers first presented the study at the FTC PrivacyCon last month, there now isn't a full list of the offending apps. Shutterfly had been collecting location data from photos stored in the mobile and sending the data to its own servers.
As an example of how these workarounds are used in real life, the report noted that image publishing app Shutterfly took Global Positioning System coordinates from photos and sent that data to its servers even if the user didn't grant the app permission to obtain his location data.
We've become used to the idea of app stores that are supposed to be populated by curated apps with no malicious intent. The company said that it would address this issue with the release of Android Q, expected out later this quarter.
These adverts are only available in some applications on certain operating system builds at the moment, and they do not seem to work as intended on Android Q, with the Share menu displaying the name of the current app instead of the one Microsoft is attempting to advertise.
There is more. Some apps also transmit the unique MAC addresses in your network and router, as well as your wireless access point and SSID.