People who worry about social networks like Facebook prying into their personal information should probably also spare a thought for games like "Jetpack Joyride."
To conduct their study, which was released in late October, the researchers examined people's assumptions about how certain apps use their data and graded the apps based on how closely those beliefs matched reality. An "A" grade essentially means that the app uses information as a user would expect, while a "D" suggests the app takes advantage of a user's data in an unexpected way -- for example, using a person's GPS location for marketing purposes.
Some games, like "Fruit Ninja" and "Jetpack Joyride," received D grades for using "sensitive" information like an individual's location or phone carrier to deliver targeted ads, among other things. Halfbrick Studios, the developer behind "Fruit Ninja" and "Jetpack Joyride," did not respond to a request for comment.
Many other kid-friendly apps, like "Despicable Me," "Angry Birds" and "My Talking Tom," also received unimpressive marks. On the other hand, "Candy Crush Saga" earned a comforting A from PrivacyGrade.
Many popular social networking apps that often come under scrutiny for their privacy policies received high grades in the study. Facebook, Instagram, Google+, YouTube and Twitter all received A grades. To be clear, that's not because these services don't access your private data, but rather because they use private data in a way that lines up with user expectations.
Twitter, for example, uses your location data, but it does so to let users mark their tweets with that data, according to PrivacyGrade.
Still, this doesn't mean that social networking clients that access your accounts are totally safe. Popular Twitter app TweetCaster, for example, received a C grade in the study, in part because it accesses user data to deliver targeted ads.
In fairness to app developers, when you install an app from Google Play -- the platform that PrivacyGrade studied -- you receive a message that describes what information that app will access. In other words, when you download Fruit Ninja to your device, you're told that it will access your location, though it doesn't specify what for:
CNN notes that even the app developers themselves may not realize their software is intrusive. Developers who want to monetize their apps take code from advertiser networks, but they don't necessarily know what information is being accessed by that code.
"Advertisers have a big incentive to collect lots of data about individuals so that they can send better targeted ads," Jason Hong, leader of PrivacyGrade and an associate professor at Carnegie Mellon University, told The Huffington Post via email. "Most developers are also not aware that their apps have these kinds of behaviors either, they just reuse code from these advertisers."
According to Hong, his team only looked at Android apps because developers are forced to declare what info they collect from users when they download apps from Google Play. Hong also noted that there are more research tools on the Android platform because it's more "open" than Apple's iOS.
Hong told HuffPost that he's interested in investigating iOS apps in the future.