I recently come across a research regarding vulnerabilities associated with popular android apps as below

Application Security for Android Platform


Freecharge

Version 8.1.0

Dubious Permissions
• Add or remove accounts
• Access fine location
• Call phone
• Take pictures and video
• Manage accounts User Credential/identifier Leaks
• Android ID
• Device Serial No. Malware Detected
AppRisk;Generic
Detection Agent: Symantec

CLEANit

Version
1.6.68_ww

Dubious Permissions

• read sensitive log data
• take pictures and videos
• disable your screen lock
• expand/collapse status bar
• control flashlight
• read Home settings and shortcuts
• write Home settings and shortcuts
• pair with Bluetooth devices
• access Bluetooth settings

User Credential/identifier Leaks
• Android ID
• MAC Address WLAN0
Malware Detected
• Android.Iop.Bh!c
• ZIP/Trojan.RFVP-9
• Artemis!AB908D71A640
• Artemis
• Suspicious_GEN.F47V0615

Tinder
Version

7.2.1
Dubious Permissions

• Device & App history
• Retrieve running apps
• View Wifi connections
• Pair with Bluetooth devices

User Credential/identifier Leaks
• Android ID
• Android Serial

Malware Detected
AndroidOS/GenBI.4D702417
Suspicious-Gen.F47V0702
Detection Agent:
Cyren,TrendMicro-Housecall



Xender
Version
3.9.0612
Dubious Permissions
• Retrieve running apps
• Modify Contacts
• Read/write call logs
• Read/write home settings and shortcuts
• Modify system settings

User Credential/identifier Leaks
Android ID

Malware Detected

Troj.dldr.Delphic!c,
Detection Agent:
Aegislab
Trojan/Android.TSGeneric
Detection Agent:
Anty-AVL
ZIP/Tojan.TVMA,
Detection Agent:
Cyren
PUA.AndroidOS.Appad
Detection Agent:I
karus
Trojan (005101641)
Detection Agent:
K7GW
Ransom:AndroidOS/LockScreen!rfn,
Detection Agent:
Microsoft
Adware.AppAd/Android!8.9c72
Detection Agent:
Rising

Badoo

Version

5.16.1
Dubious Permissions

• Read home settings and shortcuts
• Pair with Bluetooth devices
• Access Bluetooth settings
• Change Network Connectivity
• Connect and disconnect from Wi-Fi

User Credential/identifier Leaks
Android ID
Malware Detected
Nil

Hike
Version

5.2.3

Dubious Permissions

• Retrieve running apps
• Read your web bookmarks and History
• Read calendar events plus confidential information
• Add or modify calendar events and send email to guests without owner’s knowledge
• Body sensors

User Credential/identifier Leaks
Android ID
Malware Detected
Nil

2GO
Version

V4.1.5

Dubious Permissions
Find accounts on the device
• Read call logs
• View Wi-Fi connections

User Credential/identifier Leaks
Android Serial

Malware Detected
Nil

Mobikwik
Version

9.4.5
Dubious Permissions
• Precise Location
• Modify or delete the contents of your storage
• View Wi-Fi connections
• Create accounts and set passwords

User Credential/identifier Leaks
Android ID

Malware Detected
Nil

Phonepe
Version

3.1.4
Dubious Permissions
• Precise Location

• Directly call phone numbers

• Modify or delete the contents of your storage


User Credential/identifier Leaks
Android ID
Malware Detected
Nil

UC News
Version

1.5.4.962
Dubious Permissions
• Retrieve running apps
• Read sensitive log data
• Read Web bookmarks and history
• Modify System settings

User Credential/identifier Leaks
• Android ID
• Android Serial

Malware Detected
Nil