Malicious apps can freely access sensor data on modern smartphones and use this data stream to collect vasts amounts of intel on the phone’s owner. This is the conclusion of research published this month by researchers from the Nanyang Technological University (NTU) in Singapore. Android and iOS operating systems do not require apps to ask users for permission before accessing sensor data. NTU researchers say this OS design flaw could be weaponized in several ways and could be used to steal more than PINs.
Source: https://www.bleepingcomputer.com/news/security/malicious-apps-could-guess-your-phones-pin-using-sensors-data/