While we all worry about which entity Facebook next sells our data, a bigger snitch is lodged in our smartphones. These ever-present mobile apps ask for all sorts of permissions most of which is unrelated to what service they actually perform. And they represent the biggest threat to privacy as they relay names, IP addresses, location data, and phone numbers to third parties.

Thomas Michael filed this report for Info-Security:

Mobile apps are the new weak link when it comes to user data and privacy abuse, and they need to be quickly addressed and treated as such.

In a recent study that looked at permissions usage among VPN apps on the Android Play Store, it was observed that more than 60% of these apps require “dangerous” permissions that are not needed for them to function. These “dangerous” permissions pose a risk to users’ privacy by allowing access to sensitive information such as users’ location, mobile phone data, phone status, and a lot more.

The problem is that a VPN app does not need these permissions that can compromise users’ privacy, to function, yet, more than half of the most popular VPN apps require them. I asked the author of the study and founder of TheBestVPN, Rob Mardisalu, what prompted the study. His response:

“While many seem to be paying a lot of attention to privacy issues involving Facebook and other tech giants, our research has uncovered something much bigger with mobile apps. You can very easily delete your Facebook account, but a mobile app with the wrong permissions can log all of your activities and track you. What’s more worrying is that many people give these mobile apps permission to track them without really knowing what’s going on behind the scenes.”

Mardisalu has good reason to be worried, as do all mobile phone users. A recent study from researchers from Oxford University found that a whopping 90% of free apps on the Google Play store share data with organizations.

According to the researchers, this data sharing and harvesting is simply out of control, with the average app sharing information that includes a user’s age, gender, location, and information about other installed apps to up to five tracker companies; these companies then pass the data to larger firms that use the data for other purposes.