An alarming proportion of Android apps can find and open private photographs on smartphones, according to research by security firm Bitdefender. Many apps can also track users' locations, divulge e-mail addresses over the Internet and leak address books and phone logs.
The study encompassed an analysis of 836,021 Play Store Android applications, and has raised concerns over the use of mobile apps to capture users' private data by criminals or even government agencies.
According to revelations leaked by whistleblower Edward Snowden, the American National Security Agency (NSA) and the UK's own Government Communications Headquarters (GCHQ) planned to extract data from users' smartphones via apps such as the popular Angry Birds game.
The study revealed that over 5 per cent of the apps analysed could locate and open photos on a phone, with almost 10 per cent including permissions to read contact lists. Many have a legitimate need for this data but others are clearly intrusive.
What's more, over 35 per cent of the apps analysed by Bitdefender can track a user's location, with almost 3 per cent being able to access the location even when the app is running in the background without the user's knowledge. More than 6 per cent of these apps can also send the device location over the internet.
The data also revealed that up to 3 per cent of the apps analysed can divulge e-mail addresses over the internet: 1,749 uploaded the address over an encrypted connection, with a further 1,661 doing so over an unencrypted connection that could easily be intercepted.
"Our latest study shows that most smartphone or tablet owners have at least one app – and probably several – that could be used to siphon sensitive information from their phones," states Catalin Cosoi, Chief Security Strategist at Bitdefender.
"A significant proportion of applications were shown to be capable of divulging details over the internet using an unencrypted connection. With phones now bearing more resemblance to mini computers, it is particularly worrying when you consider the vast amount of highly personal data about one's identity, schedule, friends, activities and work that each device can contain."
The research comes in the wake of recent Android app scandals, including a well-known flashlight app that stole users' data and shared it with third parties. Meanwhile, the number of infected Android apps are predicted to top one million soon.
To find out if your phone is infected with malware, or apps that seek to gain invasive permissions, read our handy guide.