Highlighted apps identified as leading in user surveillance, prompting experts' alarming advisory
In a joint investigation conducted by Which? and Hexiosec, 20 popular apps from social media, online shopping, fitness, and smart home sectors were scrutinised for their data collection practices. The findings revealed that among the apps under investigation, smart home app Xiaomi Home was the most "data hungry," requesting a staggering 91 permissions, including five risky ones such as access to microphone and location.
The investigation uncovered that these 20 apps, which have been downloaded more than 28 billion times globally, collectively requested a total of 882 permissions if installed together, with 78 considered risky. Social media and online shopping apps were widely noted, but Xiaomi Home stood out as the most permission-demanding and thus the "hungriest" for data.
Risky permissions include microphone, fine location, and reading device files, which raise privacy concerns since this data is often used for targeted advertising. All apps asked for some unnecessary permissions, indicating users should be cautious about what they grant.
Xiaomi Home, the Chinese app, requested the most permissions (91) in the investigation. Other apps, including major players like WhatsApp, Facebook, TikTok, Instagram, Amazon, AliExpress, Ring Doorbell, and Strava, also requested many permissions, but none exceeded Xiaomi Home’s level.
Samsung, which manufactures phones running on Google's Android operating system, stated that its apps, including SmartThings, are designed to comply with UK data protection laws and relevant guidance from the Information Commissioner's Office (ICO). Samsung's Smart Things requested 82 permissions, while TikTok asked for the ability to record audio and view files on devices.
Amazon argued that permissions are used to provide helpful features, like the ability to visualise products in a user's home with their device's camera or search for products using text-to-speech. Meta (which owns WhatsApp, Facebook, and Instagram) stated that none of its apps run the microphone in the background or have access to it with user involvement.
Cybersecurity experts have issued an urgent warning to Android owners regarding apps that spy on them. They noted that 16 out of the 20 apps hoped to create windows on top of other apps, which would create pop-ups even if you've opted out of notifications.
Temu, another app under investigation, was particularly big on pushing marketing emails. However, the investigation did not reveal any new self-contained facts about Temu's data collection practices.
The investigation serves as a reminder for users to be vigilant about the permissions they grant to apps and to read the fine print before installing them on their devices. The ICO advises users to only give apps the minimum amount of data they need to function properly.
The investigation revealed that some apps, including Xiaomi Home, requested risky permissions such as access to the microphone and location, raising privacy concerns due to their use in targeted advertising. Cybersecurity experts warn Android users to be cautious about apps that spy on them, as 16 out of the 20 apps under investigation attempted to create windows on top of other apps.
