The company at the centre of allegations that Android apps are sending personal details to third parties without users' permission has responded to the claims, denying that it attempts to access sensitive information.
Earlier this week an investigation by MWR InfoSecurity on behalf of Channel 4 found that some Android apps, including many in the Top 50 list, were sending personal information to advertisers.
The report claimed that that once a user has granted permission for an app to access certain information, that permission is also passed to third party advertisers. Users are not made aware of this, the research says.
The study claimed that one of the companies involved is MobClix, owned by advertising giant Velti.
However the company has responded to the allegations. Writing on the Velti blog, Barbara Dizon, social media manager at the company wrote: "The entire segment only suggests that it's "possible" for all kinds of bad things to happen with user data on mobile devices, specifically when users download apps that use networks to target advertising."
"The plain and simple fact is that MobClix never attempted to access private or sensitive information and we certainly do not capture and record that data," she added.
Dizon went on to question why the study singled out advertising companies as the discussion is more about general Android security permissions. "Every single mobile app has access to some set of user data in order to function that the user has consented to whether the app uses advertising or not. There are tons of apps in the Android market that have more access to sensitive data than any app that is using advertising," she wrote.
She also suggested that the issue with capturing data is more to do with the way Android app permissions work, not with any functionality MobClix or Velti has added to apps.
"Android permissions often grant access to chunks of information rather than a single piece of data. Therefore, in some cases, apps that would like permission to access a single piece of data technically have access to other stuff because of Android's permission system," she wrote. "There is nothing we can do about that."
Perhaps most importantly Dizon claimed that the company does not actually require the permissions linked to any of the Personally Identifiable Information (PII) listed in the article, specifically READ_CONTACTS and READ_CALENDAR. However if the app developer has these enabled MobClix can pass the information on.
Finally, Dizon pointed out that the company has opt-out mechanisms in place.