Latest news with #HarryRose
Metro
2 days ago
- Metro
Full list of 'data hungry' apps that are spying on you
Some of the most popular smartphone apps have been downloaded by hundreds of millions of people. But experts have warned that some of these seemingly harmless apps are in fact requesting 'shocking' levels of access to your personal data. An investigation by Which? found that 20 popular apps, including Ali Express, Facebook and WhatsApp, ask for 'risky' permissions such as access to your location, microphone, or files on your device. This is despite the apps not needing access to this information to function – which means users could be compromising their privacy when rapidly tapping 'agree' to any permission requests which pop up. While most of the apps they looked into are free to download and use, Which? editor Harry Rose warned that 'users are paying with their data'. He added: 'Millions of us rely on apps each day to help with everything from keeping on top of our health and fitness to doing online shopping. 'While many of these apps appear to be free to use, our research has shown how users are in fact paying with their data – often in scarily vast quantities. 'Our research underscores why it's so important to check what you're agreeing to when you download a new app.' The worst offender was Chinese app Xiaomi Home, which asked for 91 permissions, five of which described as 'risky'. Risky permissions include those that access your microphone, can read files on your device, or see your precise location – which mean businesses can target users with 'uncannily' accurate adverts. Samsung's Smart Things app asked for 82 permissions (of which eight are risky), followed by Facebook (69 permissions, six risky) and WhatsApp (66 permissions, six risky). In some cases there are clear uses for risky permissions – for example, WhatsApp may need microphone access to allow for voice notes and audio calls. But in others, the need for these risky permissions was less clear cut. Four of the apps (AliExpress, Facebook, WhatsApp and Strava) requested permission to see what other apps have been recently used or are currently running. All apps require some data to set up an account – usually an email address. However, Which? found Facebook appeared to request the most data to set up an account, requiring the user's first and last name, birthday, and gender. In response to the research, Meta said none of its apps 'run the microphone in the background or have any access to it with user involvement'. It said that users must 'explicitly approve' in their operating system for the app to access the microphone for the first time. A spokesperson for Samsung said: 'At Samsung, we recognise the importance of privacy and data protection. More Trending 'All our apps, including SmartThings, are designed to comply with UK data protection laws and relevant guidance from the Information Commissioner's Office (ICO). 'Our phones come equipped with Google's Android operating system, which by default helps protect users by giving them control over what data apps can access. 'We fully comply with Google's operating system policies, including SmartThings. SmartThings only uses the permissions needed for the app to function properly and deliver the best possible user experience.' Which? recommends a few ways to increase your privacy when using apps, including: Limit or revoke permissions in the Apps and Permissions section of your device's settings. You can limit or revoke permissions app by app – but revoking entirely could block some app features in the Apps and Permissions section of your device's settings. You can limit or revoke permissions app by app – but revoking entirely could block some app features Use the app settings to check what additional privacy controls are included in the app. You may be able to limit data tracking, revoke some consents, and lock down your account to some data sharing to check what additional privacy controls are included in the app. You may be able to limit data tracking, revoke some consents, and lock down your account to some data sharing Delete the app if you aren't sure about it – and make sure all your account data is deleted too. If you no longer use an app, delete it and stop giving them access to your data if you aren't sure about it – and make sure all your account data is deleted too. If you no longer use an app, delete it and stop giving them access to your data Check privacy information on the App Store or Google Play, which will list all the permissions each app will request on the App Store or Google Play, which will list all the permissions each app will request Read the privacy policy – or if you don't want to read the entire thing, just take a look at the data collection and sharing section Get in touch with our news team by emailing us at webnews@ For more stories like this, check our news page. MORE: The 100-word emergency alert message being sent to millions of phones in weeks MORE: EE, Vodafone and BT down again for second time in 24 hours MORE: EE, Vodafone and BT all go down in signal blackout
Arab Times
22-07-2025
- Arab Times
'Free' apps, costly privacy: Experts warn of data-hungry downloads
NEW YORK, July 22: Some of the world's most widely used smartphone apps have come under scrutiny for demanding extensive access to personal data, often beyond what's necessary for basic functionality, according to a new investigation by consumer watchdog Which? The study, conducted with cybersecurity experts from Hexiosec, analyzed 20 popular Android apps spanning social media, online shopping, smart home, and fitness categories. The findings reveal that all of them requested "risky" permissions—such as access to users' microphone, location, and device files—raising significant privacy concerns. While apps like Facebook, Instagram, TikTok, Amazon, and WhatsApp are marketed as free, Which? warns that users are often paying with their personal information. 'Millions of us rely on apps each day for everything from health tracking to shopping,' said Harry Rose, editor of Which? 'But our research shows that users may be surrendering vast amounts of data—often unknowingly.' Together, the 20 apps have been downloaded more than 28 billion times globally. If installed on one device, these apps would collectively request 882 permissions. Among these, Xiaomi Home requested the highest number — 91 permissions in total, five of which were flagged as risky. Risky permissions include those that allow apps to record audio, access precise GPS location, read internal files, or even overlay content on top of other apps—often without any clear user benefit. Samsung's SmartThings app followed with 82 requested permissions (eight risky), with Facebook demanding 69 (six risky), and WhatsApp asking for 66 (six risky). The apps that sought permission to draw over other apps—creating pop-ups—and those that activate when a phone is turned on, were also cause for concern. TikTok, for instance, requested 41 permissions (three risky), and YouTube sought 47 (four risky). Xiaomi Home and AliExpress were the only two apps found to send user data to servers in China, including suspected advertising networks. While this was disclosed in both apps' privacy policies, experts noted the potential implications for user data security. AliExpress requested six risky permissions, including precise location, microphone access, and file reading. It also sent users an overwhelming 30 promotional emails within a month, despite no specific permission request for email marketing. Temu, another Chinese online retailer, was criticized for aggressively pushing users into subscribing to marketing emails—often without them realizing it. The Which? team advised consumers to take several steps to safeguard their privacy: Review privacy info: Check what data an app collects before downloading it via the app store listing.n Read the privacy policy: Focus especially on sections detailing data collection and sharing.n Limit or revoke permissions: On both Android and iOS, users can manage what data apps can access through Settings.n Delete apps you don't trust: Uninstall apps you're unsure about, and make sure all associated account data is deleted.n Some apps, like Ring and WhatsApp, may require microphone access for core functionality. However, the necessity of certain permissions—like tracking which apps are open or recently used—is questionable, the experts said. Apps including Facebook, WhatsApp, AliExpress, and Strava were found to seek such permissions. The research was conducted using Android devices; permission settings may differ for Apple iOS users. In response to the findings: Meta (owner of Facebook, Instagram, and WhatsApp) claimed none of its apps access microphones in the background without user consent.n Samsung stated that all its apps comply with UK data protection laws and ICO guidance.n TikTok emphasized that privacy and security are 'built into every product' and that it collects only essential information.n Strava defended its use of precise location data as necessary to deliver its services, adding that it employs 'appropriate guardrails' for data usage.n Amazon said its permissions enable features like visualizing products using the camera and voice search, with users having control over personalized ads.n AliExpress stated that certain permissions are not used in the UK and require user consent, asserting compliance with privacy laws.n Ring maintained that it doesn't use trackers for advertising and only uses permissions to enable features requested by users.n Temu said GPS-based address completion is not used in the UK and that it handles user data in accordance with international standards.n
Times
22-07-2025
- Times
Smartphone apps' data demands pose risk to privacy, experts warn
Popular smartphone apps are demanding 'risky' access to your devices in a potential breach of your privacy, experts have of the most popular apps, including Facebook, WhatsApp, YouTube, Instagram, TikTok and Amazon, were investigated by the consumer group Which?, the consumer found that 15 out of the 20 wanted your 'fine' location (within 5m), 15 asked for access to files on the device, and 14 wanted permission to access the is one of users' biggest privacy concerns, according to a survey by the group. Two thirds of people were concerned about an app collecting a phone's precise apps requested to start operating when as soon as you open your phone, even if you haven't have not yet interacted with it. Four — AliExpress, Facebook, Strava and WhatsApp — wanted to see what other apps you have recently used or are currently running. If a person downloaded all 20 apps, they would grant 882 permissions, Which? Rose, the editor of Which?, said: 'Millions of us rely on apps each day to help with everything from keeping on top of our health and fitness to doing online shopping. While many of these apps appear to be free to use, our research has shown how users are, in fact, paying with their data — often in scarily vast quantities.'While it's easy to quickly skim a privacy policy and tick 'yes' on autopilot, our research underscores why it's so important to check what you're agreeing to when you download a new app.'The researchers criticised two apps for the process of signing up to the privacy policy. The brain training app Impulse 'barely flagged any privacy information on sign up sign-up', Which? employed a 'dubious design to nudge users to consent' — the agree button was bright orange while the disagree option was greyed was the most data-hungry social media app (69 permissions, of which six are considered risky), followed by the app's Meta stablemate WhatsApp (66 permissions, and 6 risky).TikTok asked for 41 permissions, including three risky ones three of which were risky. These included the ability to record audio and view files on the device.A risky permission is one that potentially gives invasive access to an aspect of your mobile device and is based judged on an industry-standard grading devices appsApps connected to smart devices, such as watches, fridges and washing machines (AS has clarified with reporter) were among the most data-hungry of all the categories, with Xiaomi and Samsung SmartThings asking for the highest numbers of permissions overall (91 and 82 permissions respectively).The Chinese shopping apps AliExpress and Temu raised concerns. AliExpress's privacy policy was easy to miss during set-up and 'bombarded users' with marketing emails after download, in some cases amounting to 30 messages in a month. Temu sent 23 marketing emails in 30 consumer organisation advises users to review the permissions being requested in the relevant app store (data safety for Google and app privacy for Apple) and to restrict them in the section of the smartphone that manages settings, apps and worked with the cybersecurity firm Hexiosec to assess the 20 apps: AliExpress, Amazon, Bosch Home Connect, Calm, Facebook, Flo, Impulse, Instagram, MyFitnessPal, Ring, Samsung SmartThings, Shein, Strava, Temu, TikTok, Tuya, WhatsApp, Vinted, Xiaomi and YouTube. All were tested on Android in June 2025, and the permissions may change differ on Apple claimed that the precise location permission is not used in the UK, and that the microphone permission requires user (WhatsApp, Facebook and Instagram) said that none of its apps 'run the microphone in the background or have any access to it without user involvement'.Samsung said all its apps comply with data protection said people sign up for fitness apps with a 'specific intent and understanding' that the 'value stems from accessing, visualizing visualising, and analyzing analysing user data'.Temu said that the precise location permission is 'used to support completing an address based on GPS location', but it is not used in the UK said it 'collects information that users choose to provide, along with data that supports things like app functionality, security, and overall user experience'.
Daily Mail
21-07-2025
- Daily Mail
The popular apps that are SPYING on you: Cybersecurity experts issue urgent warning over 'data hungry' apps that can access your location, microphone and data
They're some of the biggest apps in the world, used by hundreds of millions of people every day. But according to a new investigation, 'data hungry' smartphone apps like Facebook and Instagram ask for 'shocking' levels of access to your personal data. Experts at consumer champion Which? investigated 20 popular apps across social media, online shopping, fitness and smart home categories. They found all of them ask for 'risky' permissions such as access to your location, microphone, and files on your device – even when they don't need to. The experts urge people to be more careful about what exactly we agree to when we download an app and mindlessly agree to permissions. We could be compromising our privacy when we hastily tap 'agree'. 'Millions of us rely on apps each day to help with everything from keeping on top of our health and fitness to doing online shopping,' said Harry Rose, editor of Which? 'While many of these apps appear to be free to use, our research has shown how users are in fact paying with their data – often in scarily vast quantities.' Which? researchers worked with experts at cybersecurity firm Hexiosec to assess the privacy and security features of 20 popular apps on an Android handset. The list included some of the biggest names in social media (including WhatsApp, Facebook, Instagram, TikTok), online shopping (Amazon, AliExpress) the smart home (Samsung Smart Things, Ring Doorbell) and fitness (Strava). Combined, the 20 apps have been downloaded over 28 billion times worldwide – meaning the average UK adult is likely to have several of them on their phone at any given time. If someone were to have all 20 downloaded on their device, collectively they would grant a staggering 882 permissions – potentially giving access to huge amounts of an individual's personal data. Overall, the team found Chinese app Xiaomi Home asked for a total of 91 permissions – more than any other app in the study – five of which are described as 'risky'. Risky permissions include those that access your microphone, can read files on your device, or see your precise location (usually referred to as 'fine location'). Such data is a valuable commodity and may allow firms to target users with 'uncannily accurate adverts'. Samsung's Smart Things app asked for 82 permissions (of which eight are risky), followed by Facebook (69 permissions, six risky) and WhatsApp (66 permissions, six risky). Overall, Xiaomi asked for a total of 91 permissions - more than any other app in the study - five of which described as 'risky' Xiaomi Home was also one of two apps (alongside AliExpress) to send data to China, including to suspected advertising networks – although this was flagged in the privacy policy by both. Ali Express requested six risky permissions such as precise location, access to microphones and reading files on the device. AliExpress also bombarded users with a deluge of marketing emails after download (30 over the course of a month) but the researchers did not see any specific permission request from AliExpress to do so. Temu, another Chinese-owned online marketplace, also gave a heavy push to sign up to email marketing – which many users could easily agree to without realising, the experts reasoned. Among social media apps, Facebook was 'the most keen for user data' as it wanted the highest number of permissions (69 in total, six of which risky), followed by WhatsApp (66 altogether, six of which risky). TikTok, meanwhile, asked for 41 permissions, including three risky ones, including the ability to record audio and view files on the device, while YouTube asked for 47 permissions, four of which were 'risky'. Overall, 16 of the 20 apps requested a permission that allows apps to create windows on top of other apps – effectively creating pop-ups on your phone, even if you opted out of the app sending notifications. Seven also wanted a permission that allows an app to start operating when you open your phone even if you haven't yet interacted with it. In some cases there are clear uses for risky permissions – for example the likes of WhatsApp or Ring Doorbell may need microphone access in order to carry out certain functions. But other examples the need for risky permissions was less clear cut, according to Which? For example, four apps – AliExpress, Facebook, WhatsApp and Strava – requested permission to see what other apps recently used or currently running. The researchers stress that the investigation was conducted on an Android phone and that permissions may vary on Apple iOS devices. But we should all be more careful of tapping "yes" to permissions while mentally on 'autopilot' without really being aware of what we're agreeing to, Mr Rose said. 'Our research underscores why it's so important to check what you're agreeing to when you download a new app,' he added. The full findings can be read on the Which? website. In response to the findings, Meta (which owns WhatsApp, Facebook and Instagram) said none of its apps 'run the microphone in the background or have any access to it without user involvement'. Meta also said that users must 'explicitly approve' in their operating system for the app to access the microphone for the first time. A Samsung spokesperson said: 'All our apps, including SmartThings, are designed to comply with UK data protection laws and relevant guidance from the Information Commissioner's Office (ICO).' Meanwhile, TikTok said that privacy and security are 'built into every product' it makes. It added: TikTok 'collects information that users choose to provide, along with data that supports things like app functionality, security, and overall user experience'. Strava said that risky permission it takes, such as precise location, allow it to 'provide the very service that our users are requesting'. It said that it has 'implemented appropriate guardrails' around how data is 'collected, shared, processed, and used'. Amazon said that device permissions are to provide 'helpful features', such as 'the ability to visualise products in their home with their device's camera or search for products using text-to-speech'. It added: 'We also give customers clear control over personalised advertising by requesting consent when they visit our UK store and providing options to opt out or adjust preferences at any time.' AliExpress claimed that the precise location permission is not used in the UK, and the microphone permission requires user consent. It added: 'We strive to create a platform where consumers can shop with confidence, knowing that their data is safeguarded in accordance with the law and our strict privacy policy. We welcome the findings from Which? as an opportunity to redouble our efforts in this area.' Ring said that it doesn't 'use cookies or trackers on the Ring app for advertising' and all permission as used to 'provide user-facing features'. It added: 'We design our products and services to protect our customers' privacy and security, and to put our customers in control of their experience. We never sell their personal data, and we never stop working to keep their information safe.' A Temu spokesperson said precise location permission is 'used to support completing an address based on GPS location' but it is not used in the UK market, adding that it 'handles user data in accordance with local and international regulations and in line with leading industry practices'. Google (representing YouTube), Xiaomi, Impulse and MyFitnessPal did not respond to requests for comment.
Scottish Sun
16-07-2025
- Business
- Scottish Sun
Biggest customer fails from top firms YOU use revealed in Which?'s annual ‘Shoddy Awards'
Click to share on X/Twitter (Opens in new window) Click to share on Facebook (Opens in new window) THE companies that have let down customers the most in the past year have been revealed. Consumer group Which? has named the firms that have fallen short the most this year in its annual Shoddy Awards. Sign up for Scottish Sun newsletter Sign up 1 Which? has revealed its full list of 'Shoddy Award' winners Credit: Getty - Contributor A range of companies made the list, including airlines, broadband firms, car firms and booking platforms. To be nominated the companies must have fallen below industry standards, offered poor value for money, made false claims or regularly underperformed. Experts put forward their own lists of companies that they felt met the criteria. The firms were then subjected to testing, customer surveys and investigations before a team of judges put together the final list. Below we've revealed a selection of winners and why they were awarded the title, plus read on for the full list. Harry Rose, Which? Magazine Editor, said: 'Consumers rightly expect high-quality products and services for their money. "All the companies named and shamed in this year's Shoddy Awards need to up their game and offer people the value for money they rightly expect.' Which? contacted each firm for comment. Kiddylicious Kiddylicious sells snacks for children aged from six months to five years old. The company claims to be allergen free, convenient and promote self-feeding. RECEIPTS-EXPLAINER But research from the University of Leeds, funded by Which?, found that the majority of snacks are actually high in sugar and marketed in a misleading way. Many are closer to sweets than healthy snacks, with several classed as confectionery under World Health Organization guidelines. The snacks have little nutritional value and for babies aged under a year they risk replacing breast milk or formula in their diets. David Lloyd David Lloyd health clubs were also given a Shoddy Award because of their poor value for money. In Which?'s most recent gym survey, its members rated the company just two stars when it came to value for money. The consumer champion found that the average 'Plus' membership would cost you £131.50 a month. Meanwhile, in some locations the Platinum membership would set you back £259 a month. Ticketmaster Ticketmaster's pricing for the Oasis reunion tour earned it a spot on the Shoddy Award shortlist this year. The company's practices when selling tickets for the long-awaited tour may have breached consumer protection law for two reasions. First, some seats were labelled as platinum and cost twice as much as a standard ticket. But Ticketmaster failed to explain to customers that there was o extra benefit to buying these seats. Meanwhile, customers were told that "in demand" prices would be used. This which meant that customers queued for tickets online without knowing exactly how much they would need to pay for tickets. The Competitions and Markets Authority (CMA) investigated and agreed that these practices might have broken consumer law. Which? is calling on the CMA to make sure that Ticketmaster refunds customers who paid more than expected for tickets. Sports Direct Sports Direct has also been accused of breaking the law this year. When selling items Sports Direct uses Recommended Retail Prices (RRP) as a reference of how much an item is worth. The Advertising Standards Authority (ASA) said an RRP should reflect the price a product is generally sold at across the market. But Which? found examples where no other online retailers were selling items at the RRP price shown by Sports Direct. Often their prices were the same as Sports Direct's, or lower. This could mislead shoppers about the true value of a product and the savings they are actually making. Many of the brands sold by Sports Direct are owned by its parent company, Frasers Group. For the majority of them Which? could not find the items for sale on any other websites. The ASA has said: 'If a marketer is the only seller of a product, and so has set the price themselves, it's unlikely to be acceptable to refer to the price as RRP.' It's not clear if this is the case here and if it applies to brands that are owned by the same parent company. Which? is calling on the CMA to investigate these pricing tactics. Tesco Clubcard Supermarket loyalty cards have become essential to cut the cost of your weekly shop. But some retailers have age, address and digital requirements that block shoppers from accessing savings. Tesco has the largest market share of any UK supermarket. But you must be 18 to get a Clubcard, while at other supermarkets you can register for a loyalty card if you are aged 16 or younger. The rules stop younger shoppers from getting access to thousands of discounted prices. Online marketplaces Websites including AliExpress, Amazon, Ebay, Temu and TikTok are failing to prevent the sale of unsafe goods from third-party sellers. Last year Which? listed an unsafe plug-in heater that looked identical to one that was recalled as far back as December 2022. The consumer champion found the heater for sale on Amazon, eBay, Etsy and TikTok. Meanwhile, it also found dangerous "energy saving" plugs available on websites including AliExpress, Amazon, eBay, Temu and TikTok Shop. The devices claim to save you money but are not safe. Which? is calling on the government to introduce a duty so marketplaces have a legal responsibility to stop dangerous products appearing on their websites. The hotel booking platform came out top in Which? accommodation booking website survey - with the highest customer score. But when things go wrong, the situation was less positive. The consumer champion received dozens of complaints about scam messages and has seen hundreds of online reviews from people who have fallen for a scam. Which? said the award is specifically for approach to minimising and handling scams. Its recent investigation found that does not run proper identity checks on accommodation hosts. It is far too easy to hack into its messaging system and the system often shows positive reviews, rather that ones warning that the property is a scam. When you contact to say you have been scammed it will chase your money but it will not necessarily refund you itself. British Airways For the first time, British Airways was joint bottom of Which?'s long-haul airlines survey. It did not fly particularly high in the consumer champion's short-haul rankings. It landed nearer the bottom of the table than the top and was only awarded two stars for value for money, seat comfort, food and drink and cabin environment. Meanwhile, Which? research in May named it the worst-rated airline for customer service in the previous year. It also cancelled more flights than many of its rivals. Which? said that as many companies look to innovate and improve, British Airways needs to raise its game. Virgin Media The broadband provider earned its third Shoddy for its poor customer ratings and expensive price rises. Virgin Media was the worst-ranked provider in Which?'s annual broadband survey and received poor ratings for customer service and support. This year it also introduced the biggest mid-contract price rises for broadband-only customers - at £3.50 a month. In comparison, most other providers announced price rises of around £3 a month. The company has also been under investigation by Ofcom since 2023 after customer complaints that the firm is making it difficult for them to cancel their services. The case is still ongoing. EE Mobile EE used the new Ofcom rules on mid-contract price rises to levy a £4 a month increase for bundled contracts, which include both a phone and Sim. In comparison, the next highest price rise was just £1.80. Mobile providers say they need to invest in their networks, which could be justification for increasing airtime call, text and data prices. But the phone cost is fixed at the start of the contract. Which? also suspects that bundled contracts are being offered when customers fail the credit check for a Flex Pay contract to pay for their phone and airtime separately. So although this increase may only impact a small number, it could be a significant cost. Full list of 'Shoddy Awards' HERE is the full list of 'Shoddy' winners: Sugary snacks: Kiddylicious Exercise at extortionate prices: David Lloyd Rip-off merchant of the year: Ticketmaster Dodgy deals: Sports Direct Biggest collective failure: home insurance companies Excluding teenage customers: Tesco Clubcard Dangerous domains: AliExpress, Amazon, Ebay, Temu and TikTok Soft on scams: Cancel culture: British Airways Hat trick of horrors: Virgin Media Bundled contract baddies: EE Mobile Prone to breakdowns: Range Rover Evoque plug-in hybrid Botched bots: iRobot Robot vacs Do you have a money problem that needs sorting? Get in touch by emailing money-sm@ Plus, you can join our Sun Money Chats and Tips Facebook group to share your tips and stories
