Thousands of iPhone apps may be accessing contact information without users being aware that it’s happening.

A study by antivirus software maker Bitdefender found that 19 percent of the 65,000 iOS apps it studied can access a user’s iPhone address book. Bitdefender claims the only legitimate reasons for apps to access a user’s address book would be to transfer contacts or merge social media contacts. It is therefore unlikely that almost a fifth of all apps require this information to function. "Chances are high many apps access Address Books without a user’s knowledge," notes the firm.

The study also found that 41 percent of iOS apps can track device location. Location tracking used for contextual ads is common, with information potentially passed on to companies to inform marketing campaigns. However, the default setting in the App Store is for apps to ask for permission to access location-related services.

Bitdefender also noted that more than a third of the 65,000 apps studied store user data without encrypting it, potentially placing it at risk.

“It is worrying stored data encryption on iOS apps is low and location tracking is so prevalent. Without notification of what an app accesses, it is difficult to control what information users give up,” said Bitdefender's chief security researcher Catalin Cosoi.

The research also found that 31 percent of the apps analysed can display ads and 16 percent can connect to Facebook. Many are also tracked by analytics tools from the likes of Google and Flurry.