Researchers from the International Computer Science Institute (ICSI) in the US identified 1,325 Android apps that were gathering data from devices even after people explicitly denied them permission, news portal CNET reported on Tuesday.
Serge Egelman, Director of Usable Security And Privacy research at the ICSI, presented the study at the Federal Trade Commission’s privacy conference.
He said the researchers had notified Google about these issues in September 2018, as well as the FTC.
One of the apps mentioned by name was Shutterfly, which is used for editing photos. It had been gathering GPS coordinates from photos and sending that data to its own servers.
In a statement, Shutterfly said: “Like many photo services, Shutterfly uses this data to enhance the user experience with features such as categorization and personalized product suggestions, all in accordance with Shutterfly’s privacy policy as well as the Android developer agreement.”
The study published on the FTC website cited 153 apps, including Samsung’s Health and Browser apps, which are installed in more than 500 million devices.
According to the report, Egelman would be presenting more detailed information about the research findings at the Usenix Security conference in August.