New York (CNN Business) When you deny a mobile app permission to collect personal data from your phone, it's reasonable to expect it abides by that. But a new study of popular Android apps found that's not always the case.

around restrictions by finding "side channels" or "covert channels" such as taking data from apps that do have those permissions, potentially affecting hundreds of millions of Android users. Thousands of popular apps from the Google Play Store are able to bypass permissions to collect user data, according to the nonprofit research center International Computer Science Institute , which partners with University of California, Berkeley. The apps workaroundrestrictions by finding "side channels" or "covert channels" such as taking data from apps that do have those permissions, potentially affecting hundreds of millions of Android users.

Researchers found roughly 60 Android apps, which have been downloaded millions of times, are already doing this. Many others are built with code that could allow them to do the same.

The study also points out that Android permissions make it difficult to track how an app will share the information and under what circumstances, even when users do agree to share data.

"These deceptive practices allow developers to access users' private data without consent, undermining user privacy and giving rise to both legal and ethical concerns," the researchers wrote.