Popular shopping apps regularly violate their users' privacy, new research says.
Around 60% of the most popular Android shopping apps are in potential violation of Google Play's privacy policy standards, according to a review by research firm Comparitech of 91 apps internationally in November .
On average, the shopping apps requested access to 26 permissions, eight of which Android classified as high level or "dangerous," including access to body sensors, calendars, calling, camera, contacts, GPS location, microphone, storage and texting, Comparitech said.
Thirty-two of the apps requesting access to an Android device's camera and media files didn't disclose they would in their privacy policy and 12 apps requested access to location data also without disclosure, Comparitech said.
Groupon, for example, requested access to the device's camera but doesn't mention needing access in its privacy policy, Comparitech said.
In response, a Groupon spokesperson told ConsumerAffairs "that the camera permission has been removed from our Android app manifest," starting in Android 24.14.
"Going forward, the camera permission will only be requested from users when it is necessary," the spokesperson said, "for example, when they choose to upload a photo with a review for a specific deal."
The findings come during the holiday shopping season, where nearly 1 in 5 shoppers will use an app to make purchases in 2024, according to a survey by Bain & Company.
What were the shopping apps violating privacy?
The apps requesting the most dangerous permissions in the U.S. were Amazon Shopping, which requested 20 dangerous permissions, followed by AliExpress at 19 and Flipkart at 18.
An Amazon spokesperson told ConsumerAffairs that its "mobile app requests permissions for device functions that enable us to provide helpful features to our customers, such as the ability to visualize products in their home with their device’s camera or search for products using text-to-speech."
"Customers have full transparency into the device permissions we request in the Permissions dashboard within the app and can control which permissions they allow to enable specific features, providing an additional level of control beyond their device’s settings," the spokesperson added.
A spokesperson for AliExpress told ConsumerAffairs the company is "deeply committed to our users’ privacy rights and information security, considering them core to our promise of a secure and reliable platform"
"We have put in place thorough data security measures, including regular reviews of our data practices to uphold our ISO certifications for data security. We will persist in safeguarding user privacy and security, following all applicable laws and regulations," the spokesperson added.
The other companies didn't respond to requests for comment from ConsumerAffairs.