Still, there findings are interesting. More than 22 percent of the applications the Penn State researchers looked at could send unique identifiers -- typically the IMEI identifier -- across the network.

Although there are times when programmers might want to actually want to use these unique identifiers -- to help police locate a stolen phone, for example -- they can easily be misused, and that can lead to serious security problems said Kevin Mahaffey, chief technology officer with mobile phone security software maker Lookout. "Any time you have a unique identifier... people tend to use it for all sorts of crazy purposes, particularly for authentication."

Verizon is one of those companies using IMEI for authentication, according to M.J. Keith, a security researcher with the Denim Group in San Antonio, Texas. All it takes is an , he said in an interview.

"You can actually use that to reset the portal password," he said. "You can take over the entire account, change the billing address. You can actually have a phone shipped to you."

Last month, Lookout -- Callmejack -- had helped create more than 80 Android wallpaper applications that collected this type of data, sending it to servers in China.