The Pandora Android application was found to send a surprising selection of personal information to advertisers without concent, according to a security firm analysis.
Veracode followed up on the news that a US federal investigation had begun into privacy issues of mobile applications by 'breaking apart' one of the 'accused applications' in order to find what data might be sent.
The firm found that the Pandora radio service application for Android had integrated no less than five seperate advertising libaries including AdMob and Google.Ads.
Examining the contents of each of the advertising libraries, Veracode found that the code was uploading GPS location, user gender, birth date, postcode, Android ID, connection status, network information handset brand and model and IP address.
"Your personal information is being transmitted to advertising agencies in mass quantities," said Veracode to users of the application.
"As more and more 'free' applications attempt to monetize their offerings, we will likely see more of your personal information being shuttled out to marketing and advertising data aggregation firms," they added.
Veracode said that application developers may not even be aware of the privacy violations they introduce when deciding to incorporate a third party advertising library.