Smartphone apps can gain access to your phone contacts, quietly make calls, read and send text messages, record your exact location and take photos.

And many of your actions are tracked and analysed for advertisers or app developers - even a game of Angry Birds.

Technology experts recommend that smartphone owners be aware of what they sign up to when they download apps, to avoid both privacy breaches and unnecessary paranoia.

Apps on the Android operating system, made by advertising and search engine giant Google, can seek permission to access a wide range of data and functions on smartphones.


A Weekend Herald survey of 20 popular New Zealand and overseas apps found 12 asking for access to location data, five to text messages and five to contacts.

There are also trivia quizzes and wallpaper apps that asked to look through your internet history.

"There will be a lot of people taking no notice of the permissions at all - they would just say download and away they go," said Pete Thompson, owner of Android Mobile New Zealand, the country's biggest discussion board for the phone system.

There were four "high-risk" permissions to look out for, Mr Thompson said.

Apps that ask to directly make phone calls or send text messages could dial premium numbers to make money for hackers.

Those that ask for access to your contacts and stored files (marked "USB") could abuse the personal information, he said.

It was also worth checking reviews of apps and making sure they were from legitimate developers before downloading them, and phone owners should install security software such as Lookout Security or Norton, he said.

But there is no easy way to see what information actually gets taken from your phone.


A New Zealand-based security researcher, Aldo Cortesi, has been a leader in creating a tool to see what data is being sent from Android smartphones and Apple iPhones.

His tool, mitmproxy, was recently used to find that a social networking app Path was sending entire address books from phones to its servers.

"The problem we have at the moment is these things are so opaque to users - the consumer can't see what's happening and can't control what's happening," said Mr Cortesi.

And companies could be tracking phone users even without taking sensitive data, he said.

He found that three quarters of apps captured unique numbers used to identify phones. The numbers could then be used to access databases of personal information.

Other apps - including Angry Birds - sent data to analytics companies about exactly how they were being used.

"[The companies] know what you do, when you do it, what apps you have on your phone... they can find out your income bracket, age bracket, where you are geographically," Mr Cortesi said.

"The key fact is nobody knows [they are] aggregating this data.

"It's one example of a company that already has an incredibly detailed profile for 100 million-plus mobile devices."

The Herald's Android app seeks permission to access location data, information about other running apps and whether you are making a call.

Head of Mobile, Max Flanigan said the location data was used only for weather updates - but there was the possibility that in the future it could lead to localised news and advertising, if it became an industry standard.

"It's a challenge from an IT department side - the customers are staff who want the latest uses, but you also need to make information secure," Mr Flanigan said.

Although much of the information would be valuable to advertisers, a publisher needed to put its audience's interests first, which was not always the case for technology companies, he said.

The other permissions were used to pause the app during phone calls and other tasks, he said.

Telecommunications Users Association chief executive Paul Brislen said strict New Zealand privacy laws meant locally made apps could not access private data without first alerting you.

"But all too often we are very quick to give [up] all kinds of data without really thinking of the implications, about where the company is based and about just what is happening with your data once you hand it over," Mr Brislen said.