App security is currently being threatened where more than 1,000 apps have been reported to gather user information even after users denied permission to access. The long list of apps unknowingly bypasses privacy restrictions freely gathering users’ data.

International Computer Science Institute researchers recently revealed that they found 1,325 Android apps capable of invading user privacy in spite of being denied permission to access data such as geolocation data.

Serge Egelman, director of usable security and privacy research at the International Computer Science Institute said in a statement that the recent research proves that the users’ permission for access on data turned out to be meaningless as app developers have the freedom to do what they please and access the information they need.

Egelman added that in the midst of this scenario, consumers are left with very few tools to use to protect their privacy and to even decide to allow or deny access to it.

The discovered undisclosed Android apps capable of gathering data even without permission work in various ways. Some of them use the Wi-Fi network as an avenue to gather the router’s MAC address and data location.

Apps like Baidu's Hong Kong Disneyland park and Samsung's Health and Browser apps use other apps as a platform to gather personal data such as the users’ IMEI number. By allowing other apps to have access to an SD card’s unprotected data, users are indirectly making the spying app such as the park app take advantage of the permission given.

Although there only a total of 153 apps with such capability, they are installed repeatedly. Samsung’s Health and Browser apps are installed on over 500 devices while the Baidu’s Hong Kong Disneyland park app was installed for more than 17 million times now.

Shutterfly, a photo editing app, on the other hand, uses photos to gather GPS coordinates and sends them to its own server. Shutterfly, however, would not admit the allegations proven by the recent research and explained that they only gather location data with explicit permission from their users.

In September, Egelman alerted Google as well as FTC about the issue. Google responded with the assurance that the issue will be addressed in Android Q, which is set to be released this year.