A mobile security company claims that many free iPhone and Android applications, which were downloaded by millions of users, pose serious privacy risks. The apps were found to collect private data from handsets and uploading it remote websites.

The serious privacy and security breach was announced at this year's edition of the Black Hat security conference, currently taking place in Las Vegas, by Lookout (formerly known as Flexilis), a San Francisco-based company developing security and data backup solutions for smartphones. The findings are based on the company's research, code-named the “App Genome Project”, which involved analyzing 300,000 iPhone and Android applications for signs of threats.

According to Lookout, 33% iPhone and 29% Andoid free apps can access the user's location at any given time, while 14% and 8% respectively can browse through their contacts. Many do so with little or no warning to the user and some even without the knowledge of the developer.

For example, one Android wallpaper application, which was downloaded by millions of users, was found to access sensitive data and upload to a server in Shenzhen, China. MobileBeat reports that the app is developed by a company called Jackeey Wallpaper and amongst the info it collected were text messages, browsing history, subscriber IDs, SIM card numbers, as well as voicemail passwords.

This is not the only such application found to violate user privacy in such a way and even though most of the collected data is primarily used in targeted advertising, it can theoretically also be abused for identity theft. Many of the offending apps engage in such activities via third-party code integrated into them.

Many developers implement advertising kits into their free apps in order to earn some revenue and these kits are mainly responsible for the privacy breaches. Lookout found that 23% of free iPhone applications contain some sort of third-party code, while for Android the percentage is 47%.

You can follow the editor on Twitter @lconstantin