Android apps are the worst, the researchers found, with almost three-quarters sharing personally identifiable information such as user names and email addresses with third-party sites.
Apple iOS apps behave better, with just 16 per cent of tested app sending personally identifying information, but they still should alert users before doing so, and explain what it's for.
The data doesn't just go to the app companies; mostly it's sent to ad networks so that they can come up with targeted commercial pitches.
What the ad networks receive can be information on the illnesses you're searching for, job hunting, travel plans, social events, you name it.
What the ad networks receive can be information on illnesses you're searching for, job hunting, travel plans, social events, you name it.
Perhaps the fine print that scrolls past on a tiny smartphone screen mentions that such personal and sensitive information will be shared with any number of unknown companies, but even then, I bet you most people aren't aware this is taking place.
This is something that I've been aware of for a a few years now. Nevertheless, it's good to have a reminder that shows the extent of which it is happening, and we really need to rein in the amounts, and type of user information commercial entities can harvest.
It is a form of surveillance, by the private sector which unlike governments have few if any ethical or moral boundaries beyond what consumer and privacy legislation has put in place for what will happen with the information.
Worse, the data collected is often transferred insecurely (which could help government surveillance). Given the vast amount of data breaches lately, it's a safe bet that much if not most of the information collected on you and I is stored insecurely as well, and vulnerable to hackers.
Avoiding being spied upon by multiple commercial entities while using your smartphone isn't easy.
The Harvard researchers suggested giving the nosey apps bogus information and pointed to some programs like Appfence, MockDroid, and the appropriately named Taming Info-Stealing Smartphone Apps tools for that purpose.
Google's business model is to sell you and your information, and I don't expect the online giant to do a one-eighty on this and give users control over the information they share.
They're available as source code only though, requiring technical expertise to build and install. If you go looking for a privacy-enhancing app in the official stores, you're sod out of luck unfortunately.
Obviously, there's a balance to be struck here: apps need information to process to be of use to you. From there though to selling that information to third parties is practice that both Apple and Google need to stop, by changing the terms and conditions of their app stores.
Google's business model is to sell you and your information, and I don't expect the online giant to do a one-eighty on this and give users control over the information they share. It hasn't happened since the debate on info-stealing apps flared up four or five years' ago, so unless governments come down on Google like a tonne of bricks, I don't expect there'll be any change.
Apple however has maintained that this isn't how it does business, and I hope it'll tighten up App Store terms to stop the minority of rogue data snarfing programs in there.
Meanwhile, you should be aware that there's no free lunch: that gratis app you've downloaded could be making money out of tracking your smartphone and what you do on it, without your knowledge.
