Privacy warning: These popular apps may be tracking you right now
It’s become routine to install apps on your phone without giving a second thought to the permissions they request.
But cybersecurity experts are raising red flags about how deeply some of these platforms dig into your personal data.
A new investigation has revealed just how aggressive certain popular apps are when it comes to tracking users behind the scenes. From social media to smart home tools, it turns out convenience often comes at the cost of privacy.
According to an audit by UK consumer watchdog Which? and cybersecurity firm HeXiosec, 20 high-profile apps were examined for how much user data they collect.
This included massive names like WhatsApp, TikTok, Facebook, Instagram, Amazon, Temu, Ring Doorbell, and Xiaomi Home.
Combined, these apps have been downloaded over 28 billion times globally, meaning the data impact is vast. Researchers discovered all apps requested what they termed “risky” permissions—in many cases unnecessarily.
Leading the pack was Xiaomi Home, which asked for a staggering 91 permissions—five of which were labeled high-risk, including access to microphones and precise location data.
Samsung’s SmartThings app wasn’t far behind with 82 permission requests, while Facebook asked for 69 and WhatsApp for 66.
These types of permissions can lead to highly targeted ads or even allow the apps to run overlays and popups on top of other applications.
Investigators emphasized that users often unknowingly allow such access during quick app installations.
The study also noted that TikTok requested permissions to record audio and access stored files, while Temu pushed for aggressive email marketing.
Sixteen of the twenty apps examined requested the ability to create floating windows over other apps—functionality that can override user preferences for notifications.
While some permissions may align with app features, like microphones for Ring or WhatsApp voice messaging, others seem disproportionate to actual use cases.
As the researchers pointed out, the issue isn’t just the data collection—it’s that most people aren’t aware it’s even happening.
“While many of these apps appear to be free to use, our research has shown how users are in fact paying with their data–often in scarily vast quantities,” said Which? editor Harry Rose.
He added, “Our research underscores why it’s so important to check what you’re agreeing to when you download a new app.”
The report also underlined how permissions can open the door to surveillance-like behavior, including background data collection that never stops unless users actively intervene.
Even users who disable notifications or deny certain permissions may not be fully protected from behind-the-scenes tracking.
In response to the investigation, the companies involved defended their platforms and data practices. A Meta spokesperson said, “None of [our] apps run the microphone in the background or have any access to it without user involvement.”
TikTok stated that privacy and security are “built into every product,” and it only collects “information that users choose to provide, along with data that supports things like app functionality.”
Temu claimed location data helps complete addresses and added it adheres to all international and local data regulations.
Amazon and Samsung both stressed their compliance with UK privacy laws and insisted their apps only use permissions necessary for core features.
This raises a key question for users: do you really know what you’re agreeing to when you hit “Allow”? Let us know in the comments if you've ever reviewed your app permissions and whether you're planning to change your habits after seeing this report.
Key Takeaways
- An investigation by Which? and HeXiosec found that several of the most downloaded apps globally request high-risk permissions that could undermine user privacy.
- Xiaomi Home topped the list with 91 permissions, while Samsung’s SmartThings, Facebook, and WhatsApp followed closely behind.
- Experts warned that many users are unknowingly allowing apps to access microphones, location data, and even files without realizing the implications.
- Companies involved stated they comply with regulations and only use permissions necessary for functionality, but the investigation suggests many permissions go far beyond what users expect.