Many of the most popular Android applications have been accused of breaking European data protection laws by passing personal information to a US advertising firm without users' explicit permission.
Work by MWR InfoSecurity, commissioned by Channel 4 News, found that code within some applications allows information such as text messages, emails, photos, contacts and calendar information to be passed directly to the firm, called MobClix.
Channel 4 did not name any applications with the code installed, though.
V3 contacted MobClix for its response to the accusations but had received no response at the time of publication.
Google had also not responded to a request for comment from V3.
Rob Miller, a security consultant from MWR InfoSecurity, told V3 the case highlighted the lack of awareness among the general public over the way applications can work.
"Android's way of working is to be an open system and to put the onus on the user to check how applications work, but obviously a lot of people don't do this," he said.
"People think the adverts are a separate part of the system, and don't realise information can be passed on to advertisers."
The European justice commissioner, Viviane Reding, said the lack of insight provided to users was a worrying situation and underlined the need to strengthen data protection laws across Europe to protect citizens.
"This really concerns me, and this is against the law because nobody has the right to get your personal data without you agreeing to this," she told Channel 4 News.
"They are spotting you, they are following you, they are getting information about your friends, about your whereabouts, about your preferences. That is certainly not what you thought you bought into when you downloaded a free of charge app.
"That's exactly what we have to change."
The revelations are the latest in a long-line of issues raised with the Android operating system, with concerns last week that applications could be sending back photos stored on phones to remote servers without permission.
Cyber attack on Scottish Parliament comes after MPs at Westminster were targeted in June by a similar brute force attack
The UK still has 40,000 barely used phone boxes littering the landscape
Company files S1 in secret after hiring underwriters in May
Start-up Kolos given the go-ahead to build massive data centre at Ballangen in the Norwegian Arctic Circle