When you’re installing a new app and it asks for permission to access things like your location data and it’s not connected to the app’s main functionality, you probably just say no. And when you refuse these permissions, you trust that they are respecting that decision. But a new research shows that more than a thousand apps are actually circumventing those permissions or rather non-permissions and still getting access to your data and mining it for their own purposes. Even worse, Google says they are unable to do anything right now but they are working on protecting your data with the upcoming Android Q.

According to an article on CNet, researchers from the International Computer Science Institute found out that 1,325 Android apps were skirting the restrictions imposed by users and are still gathering your geolocation and phone identifiers even after you’ve denied them permission to do so. So basically, if apps can do this all this time, then asking us for permission is basically useless and meaningless.

The researchers looked at more than 88,000 apps on the Google Play Store, trying to track how data has been transferred (or supposedly not been transferred) when they have been denied permission. But 1,325 of those were able to work around the restrictions because it had something hidden in its code that would still take your personal data from Wi-Fi connections and even the metadata that is stored in your photos. Some of the apps also relied on the other granted permission to piggyback and get phone identifies like IMEI numbers.

Both Google and the Federal Trade Commission have been notified on the researchers’ findings. Google said that they will be addressing this issue with the upcoming Android Q update, expected to be released later this year. It will hide photos’ location information from apps and it will also require apps that access Wi-Fi connections to get permission for location data. As to whether this will stop the developers from their work arounds, that is the question.

If you think that the apps that do this are some of the fly by night ones, some known developers like Baidu, Disney, and even Samsung’s Health and Browser apps are doing this as well. After Android Q rolls out, hopefully, the researchers will do another study to check on these more than 1,000 apps.