Information gleaned from leaky smartphone apps can be used for practically anything, according to Bitdefender.
Senior e-threat analyst at the security vendor, Bogdan Botezatu, said it can be used from personal profiling for advertising purposes to even being exploited by the NSA, as highlighted by whistleblower Edward Snowden.
Download our Smartphone Super Guide for iPad
"In this instance, the NSA relied on information collected by the advertising SDK to build up profiles about specific terminals and then track the users," he said.
To illustrate his point, Botezatu said the NSA would be able to pinpoint the location and personal profiles of all users taking part in a public disturbance such as a riot.
Defaulting to default
As for how apps gain access to device information, Botezatu said they often rely on the naiveté of the app user.
"Most smartphone users don't have time to adjust the individual privacy settings for each of their applications, and often fall back on default settings they are unaware of," he said.
"I've been coding apps for Android for about three years now and I still don't know off-hand what each permission does."
Beyond awareness and knowledge of the risks around mobile privacy, Botezatu said there are tools that help users track what's installed on their phone.
Bitdefender has its free Clueful app, which examines what data an application sends and how it sends it from the device, such as if it is encrypted or unencrypted.
Patrick Budmar covers consumer and enterprise technology breaking news for IDG Communications. Follow Patrick on Twitter at @patrick_budmar.