The popular apps that are SPYING on you: Cybersecurity experts issue urgent warning over 'data hungry' apps that can access your location, microphone and data
But according to a new investigation, 'data hungry' smartphone apps like Facebook and Instagram ask for 'shocking' levels of access to your personal data.
Experts at consumer champion Which? investigated 20 popular apps across social media, online shopping, fitness and smart home categories.
They found all of them ask for 'risky' permissions such as access to your location, microphone, and files on your device – even when they don't need to.
The experts urge people to be more careful about what exactly we agree to when we download an app and mindlessly agree to permissions.
We could be compromising our privacy when we hastily tap 'agree'.
'Millions of us rely on apps each day to help with everything from keeping on top of our health and fitness to doing online shopping,' said Harry Rose, editor of Which?
'While many of these apps appear to be free to use, our research has shown how users are in fact paying with their data – often in scarily vast quantities.'
Which? researchers worked with experts at cybersecurity firm Hexiosec to assess the privacy and security features of 20 popular apps on an Android handset.
The list included some of the biggest names in social media (including WhatsApp, Facebook, Instagram, TikTok), online shopping (Amazon, AliExpress) the smart home (Samsung Smart Things, Ring Doorbell) and fitness (Strava).
Combined, the 20 apps have been downloaded over 28 billion times worldwide – meaning the average UK adult is likely to have several of them on their phone at any given time.
If someone were to have all 20 downloaded on their device, collectively they would grant a staggering 882 permissions – potentially giving access to huge amounts of an individual's personal data.
Overall, the team found Chinese app Xiaomi Home asked for a total of 91 permissions – more than any other app in the study – five of which are described as 'risky'.
Risky permissions include those that access your microphone, can read files on your device, or see your precise location (usually referred to as 'fine location').
Such data is a valuable commodity and may allow firms to target users with 'uncannily accurate adverts'.
Samsung's Smart Things app asked for 82 permissions (of which eight are risky), followed by Facebook (69 permissions, six risky) and WhatsApp (66 permissions, six risky).
Overall, Xiaomi asked for a total of 91 permissions - more than any other app in the study - five of which described as 'risky'
Xiaomi Home was also one of two apps (alongside AliExpress) to send data to China, including to suspected advertising networks – although this was flagged in the privacy policy by both.
Ali Express requested six risky permissions such as precise location, access to microphones and reading files on the device.
AliExpress also bombarded users with a deluge of marketing emails after download (30 over the course of a month) but the researchers did not see any specific permission request from AliExpress to do so.
Temu, another Chinese-owned online marketplace, also gave a heavy push to sign up to email marketing – which many users could easily agree to without realising, the experts reasoned.
Among social media apps, Facebook was 'the most keen for user data' as it wanted the highest number of permissions (69 in total, six of which risky), followed by WhatsApp (66 altogether, six of which risky).
TikTok, meanwhile, asked for 41 permissions, including three risky ones, including the ability to record audio and view files on the device, while YouTube asked for 47 permissions, four of which were 'risky'.
Overall, 16 of the 20 apps requested a permission that allows apps to create windows on top of other apps – effectively creating pop-ups on your phone, even if you opted out of the app sending notifications.
Seven also wanted a permission that allows an app to start operating when you open your phone even if you haven't yet interacted with it.
In some cases there are clear uses for risky permissions – for example the likes of WhatsApp or Ring Doorbell may need microphone access in order to carry out certain functions.
But other examples the need for risky permissions was less clear cut, according to Which?
For example, four apps – AliExpress, Facebook, WhatsApp and Strava – requested permission to see what other apps recently used or currently running.
The researchers stress that the investigation was conducted on an Android phone and that permissions may vary on Apple iOS devices.
But we should all be more careful of tapping "yes" to permissions while mentally on 'autopilot' without really being aware of what we're agreeing to, Mr Rose said.
'Our research underscores why it's so important to check what you're agreeing to when you download a new app,' he added.
The full findings can be read on the Which? website.
In response to the findings, Meta (which owns WhatsApp, Facebook and Instagram) said none of its apps 'run the microphone in the background or have any access to it without user involvement'.
Meta also said that users must 'explicitly approve' in their operating system for the app to access the microphone for the first time.
A Samsung spokesperson said: 'All our apps, including SmartThings, are designed to comply with UK data protection laws and relevant guidance from the Information Commissioner's Office (ICO).'
Meanwhile, TikTok said that privacy and security are 'built into every product' it makes. It added: TikTok 'collects information that users choose to provide, along with data that supports things like app functionality, security, and overall user experience'.
Strava said that risky permission it takes, such as precise location, allow it to 'provide the very service that our users are requesting'. It said that it has 'implemented appropriate guardrails' around how data is 'collected, shared, processed, and used'.
Amazon said that device permissions are to provide 'helpful features', such as 'the ability to visualise products in their home with their device's camera or search for products using text-to-speech'. It added: 'We also give customers clear control over personalised advertising by requesting consent when they visit our UK store and providing options to opt out or adjust preferences at any time.'
AliExpress claimed that the precise location permission is not used in the UK, and the microphone permission requires user consent. It added: 'We strive to create a platform where consumers can shop with confidence, knowing that their data is safeguarded in accordance with the law and our strict privacy policy. We welcome the findings from Which? as an opportunity to redouble our efforts in this area.'
Ring said that it doesn't 'use cookies or trackers on the Ring app for advertising' and all permission as used to 'provide user-facing features'. It added: 'We design our products and services to protect our customers' privacy and security, and to put our customers in control of their experience. We never sell their personal data, and we never stop working to keep their information safe.'
A Temu spokesperson said precise location permission is 'used to support completing an address based on GPS location' but it is not used in the UK market, adding that it 'handles user data in accordance with local and international regulations and in line with leading industry practices'.
Google (representing YouTube), Xiaomi, Impulse and MyFitnessPal did not respond to requests for comment.
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Finextra
2 hours ago
- Finextra
Nottingham Building Society names CTO
Nottingham Building Society, the mortgages and savings mutual, has announced that Russ Thornton has been appointed as its new Chief Technology Officer. 0 This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author. Russ initially joined the 176-year-old mutual in March 2025 as a strategic advisor in an interim capacity from Shawbrook Bank, a specialist bank where he spearheaded a comprehensive multi-year digital transformation, from creating the strategy and its roadmap to delivering its execution. He replaces Paul Howley, who departs in July following three successful years at the organisation following his appointment as the organisation's first ever Chief Technology and Transformation Officer in 2022. Russ brings 34 years of experience in leading digital transformations to drive business growth, having also held senior leadership positions at Cofunds, Legal & General, Aegon, and WorldRemit. He will now be responsible for the delivery of Nottingham Building Society's core banking and mortgage transformation strategies. Speaking about the appointment, Sue Hayes, Chief Executive Officer at Nottingham Building Society, said: 'Russ brings deep expertise and a proven track record of delivering digital transformation at pace and scale. Since joining us earlier this year, he's had a great impact, and I know he will continue to do so as he leads our transformation programme. 'He has successfully delivered complex transformation across banks, fintechs, and global financial services institutions, including most recently at Shawbrook, where his work played a key role in more than doubling the bank's loan book and deposits while radically improving digital experiences for customers and brokers alike. 'This is a pivotal moment for the Society pivotal as we prepare to launch new technology that will transform the mortgage experience for brokers, borrowers, and colleagues alike. Russ shares our values, our purpose, and our belief in building a modern mutual that serves real lives. 'With over three decades of experience, Russ has led enterprise-wide technology strategies, built and scaled high-performing engineering and product teams, and driven operational excellence through innovation. He brings not only technical depth, but also the leadership and cultural insight needed to embed lasting change that puts the customer first.' Sue added: 'We pass our thanks on to Paul Howley for everything he has done during his time with us. Paul's legacy is not only the systems and structures he helped deliver, but the culture he helped shape.' Russ Thornton added: 'I'm extremely excited to join the Society at such a transformative point to continue to deliver on its purpose and promise to its members and communities. That sense of purpose and its ambition to serve members who don't fit the traditional mould was really attractive to be part of. 'Under Paul's guidance, the team has made fantastic progress modernising its mortgage and savings platforms, and I'm looking forward to building on that momentum. My focus will be on ensuring we have the right capabilities, controls and culture in place to grow with confidence and deliver great outcomes for our members and broker partners.'
Geeky Gadgets
3 hours ago
- Geeky Gadgets
Vauxhall Mokka GSE: The Fastest Electric Vauxhall Yet!
The Vauxhall Mokka GSE is transforming the electric vehicle market by combining unparalleled performance with eco-friendly technology. As the fastest electric Vauxhall ever produced, this high-performance SUV is designed to cater to the needs of drivers who seek excitement and sustainability in equal measure. The Mokka GSE features a peak output of 280hp and a top speed of 124mph, making it a force to be reckoned with on the road. Its motorsport-inspired design and advanced engineering features set it apart from other electric vehicles, appealing to enthusiasts who appreciate innovative technology and thrilling driving experiences. Cutting-Edge Technology Meets Motorsport-Inspired Design The Mokka GSE is not just about raw power; it also showcases Vauxhall's commitment to innovation and style. The SUV's sleek, aerodynamic body is complemented by rally-inspired features, such as the prominent front grille and sporty bumpers. The interior is equally impressive, with Alcantara GSE sports seats, aluminium sports pedals, and a 10-inch digital driver display that provides essential information at a glance. The Mokka GSE's advanced technology extends beyond its aesthetics, with features like regenerative braking and a highly efficient battery management system that optimizes energy usage and extends the vehicle's range. Performance That Packs a Punch Under the hood, the Mokka GSE is powered by a 54kWh lithium-ion battery that delivers an impressive 345 Nm of torque. This enables the SUV to accelerate from 0 to 62mph in a mere 5.9 seconds, rivaling the performance of many conventional sports cars. Drivers can tailor their experience by selecting from three distinct driving modes: Sport, for maximum performance; Normal, for balanced driving; and Eco, for optimal efficiency. The Mokka GSE's lightweight design, weighing under 1.6 tonnes, and advanced chassis technology ensure sharp handling and a thrilling driving experience, whether navigating city streets or winding country roads. Safety and Reliability at the Forefront While performance is a key focus of the Mokka GSE, Vauxhall has not compromised on safety and reliability. The SUV is equipped with a range of advanced safety features, including adaptive cruise control, lane departure warning, and automatic emergency braking. The battery pack is protected by a robust casing and an advanced cooling system, ensuring optimal performance and longevity. Vauxhall's extensive testing and quality control measures guarantee that the Mokka GSE is not only exciting to drive but also dependable and secure. Pricing and Availability Although Vauxhall has not yet disclosed the official pricing for the Mokka GSE, industry experts anticipate that it will be positioned as a premium offering within the Mokka lineup. The high level of interest surrounding this model suggests that it will be in high demand among electric vehicle enthusiasts and performance-oriented drivers alike. Vauxhall is expected to release more information about availability, including pre-order details and market launch dates, in the near future. Driving Towards a Sustainable Future The Vauxhall Mokka GSE represents a significant step forward in the world of electric vehicles, proving that performance and sustainability can coexist harmoniously. As more consumers become aware of the environmental impact of traditional combustion engines, the demand for high-performance electric vehicles like the Mokka GSE is set to grow. Vauxhall's commitment to innovation and sustainability extends beyond the Mokka GSE, with the company offering a range of electric and hybrid models across its lineup. As technology continues to advance, it is clear that the future of the automotive industry lies in the hands of forward-thinking manufacturers like Vauxhall, who are paving the way for a cleaner, greener future without sacrificing the joy of driving. Source Vauxhall Filed Under: Auto News Latest Geeky Gadgets Deals Disclosure: Some of our articles include affiliate links. If you buy something through one of these links, Geeky Gadgets may earn an affiliate commission. Learn about our Disclosure Policy.
Auto Express
3 hours ago
- Auto Express
Car Deal of the Day: MG4 XPower offers supercar performance for just £282 a month
Dual motors give 429bhp 239-mile range; spacious interior Just £281.48 a month An electric hatchback with supercar-baiting performance? That's the best way to describe the MG4 XPower, as it offers more than 400bhp in a practical five-door package that doesn't cost the earth. This deal proves what ridiculously good value this hot MG is. Via the Auto Express Find A Car service, First Vehicle Leasing is currently offering the XPower for a measly £281.48 a month, after an initial payment of £3,727.80. Advertisement - Article continues below This four-year deal has a limit of 5,000 miles a year, but that can be revised up to 8,000 for just £14.56 extra a month. That's great value when you realise just how potent this car is. MG has revived the XPower name that was reserved for its most powerful models in the early 2000s, and with 429bhp the MG4 XPower is certainly worthy of the famous badge. Its twin electric motors can fire the five-door hatch to 62mph in a barely believable 3.8 seconds, and 0-30mph takes just 1.7 seconds. Top speed, meanwhile, is 124mph, and there's even launch control, just like on a supercar. There's more to the XPower than just firebreathing performance, though, as its 64kWh battery can give 239 miles of range, according to MG, while a 10-to-80-per-cent top-up at an ultra-rapid charger will take less than 30 minutes. The XPower gets bespoke 18-inch wheels with orange brake calipers, but other than those there's little to mark it out from lesser MG4s. The interior is still a nice place to be thanks to plenty of space and good build quality. The Car Deal of the Day selections we make are taken from our own Auto Express Find A Car deals service, which includes the best current offers from car dealers and leasing companies around the UK. Terms and conditions apply, while prices and offers are subject to change and limited availability. If this deal expires, you can find more top MG4 XPower leasing offers from leading providers on our MG4 XPower page. Check out the MG4 XPower deal or take a look at our previous Car Deal of the Day selection here … Find a car with the experts Dacia's baby EV due in 12 months with a tiny £15k price tag Dacia's baby EV due in 12 months with a tiny £15k price tag Dacia's new model will be developed in double-quick time, and it'll be built in Europe to avoid China tariffs MG4 and MGS5 EV prices slashed in reply to Government Electric Car Grant MG4 and MGS5 EV prices slashed in reply to Government Electric Car Grant In order to boost sales, MG is announcing its own a £1,500 grant for some of its EVs Renault will 'stick to the plan' as it hits number 2 in Europe Renault will 'stick to the plan' as it hits number 2 in Europe Renault has no plans to fight Volkswagen for sales supremacy, despite huge growth in EV sales due to new Renault 5
