Many of the most popular Android applications have been accused of breaking European data protection laws by passing personal information to a US advertising firm without users' explicit permission.
Work by MWR InfoSecurity, commissioned by Channel 4 News, found that code within some applications allows information such as text messages, emails, photos, contacts and calendar information to be passed directly to the firm, called MobClix.
Channel 4 did not name any applications with the code installed, though.
V3 contacted MobClix for its response to the accusations but had received no response at the time of publication.
Google had also not responded to a request for comment from V3.
Rob Miller, a security consultant from MWR InfoSecurity, told V3 the case highlighted the lack of awareness among the general public over the way applications can work.
"Android's way of working is to be an open system and to put the onus on the user to check how applications work, but obviously a lot of people don't do this," he said.
"People think the adverts are a separate part of the system, and don't realise information can be passed on to advertisers."
The European justice commissioner, Viviane Reding, said the lack of insight provided to users was a worrying situation and underlined the need to strengthen data protection laws across Europe to protect citizens.
"This really concerns me, and this is against the law because nobody has the right to get your personal data without you agreeing to this," she told Channel 4 News.
"They are spotting you, they are following you, they are getting information about your friends, about your whereabouts, about your preferences. That is certainly not what you thought you bought into when you downloaded a free of charge app.
"That's exactly what we have to change."
The revelations are the latest in a long-line of issues raised with the Android operating system, with concerns last week that applications could be sending back photos stored on phones to remote servers without permission.
Wikileaks Vault 7 suspect Joshua Schulte fingered by FBI after re-using smartphone passwords on his PCs
Joshua Schulte indicted on 13 counts relating to Vault 7 leaks and trading in images of child abuse
Alexa for Hospitality will link with existing systems so guests can order room service and control the air con
Massive volcanic eruptions could have warmed Mars' surface sufficiently for oceans to form
Examination of fruit flies' brains generated more than one billion data points for scientists to analyse