"Fundamentally, consumers have very few tools and cues that they can use to reasonably control their privacy and make decisions about it,"If app developers can just circumvent the system, then asking consumers for permission is relatively meaningless".
Reportedly, a photo-editing app, Shutterfly, was found to be gathering Global Positioning System coordinates from photos and sending that data to its own servers, even when users declined to give the app permission to access location data. Further, there were apps using MAC addresses of the connected Wi-Fi base stations from the ARP cache (Address Resolution Protocol Cache) as a surrogate for location data.
This is made possible by the fact that many apps are build using the same software development kits (SDK); the owners of these kits are also receiving this data, allegedly.
Turns out, even if don't give permission to access your location to a certain Android app or permission to read your device details, the app still may be able to figure out your location or other details about your Android device.
The second one is called "covert channels", which is short speak for apps that have a clever or unorthodox way to share user information with apps that don't have the same permissions.
According to a new research, about 1000 apps are there which can access your data and location, even after you say no to their access.
So when we have denied the various apps access to our personal data, the apps will somehow still access our data.
However, under this cloak of practical additives, Microsoft has been peddling ads to users in sneaky ways.
Besides this, Manuel Vonau of Android Police says that he also got app install prompts while trying to open files formats which be opened by Microsoft apps like Word, Excel, Powerpoint etc.
Egelman says that he will reveal the names of the 1,325 Android apps that collected personal data without permission.