And one in five can sift through your address book.
Antivirus software provider Bitdefender studied more than 65,000 iPhone apps on the Apple App Store, and found that tens of thousands are able to access sensitive personal details of users.
The news may shock some, as Apple recently banned apps/developers from using UDID – unique device identification – to track user behaviour to allay fears that the information could be used for the wrong reasons.
The report claims 18.6 per cent of iPhone apps can access a user's address book details without official permission.
Meanwhile, 41 per cent of apps can track a user's whereabouts, and just 57.5 per cent encrypt the data, meaning that more than a third of details are at risk of fraud.
Catalin Cosoi, chief security researcher, Bitdefender, said: "It is worrying stored data encryption on iOS apps is low and location tracking is so prevalent. Without notification of what an app accesses, it is difficult to control what information users give up.
"We see a worrying landscape of poor user data encryption, prevalent location tracking and silent, unjustified, Address Book access."
The report comes following malware infiltrating an app on the App Store earlier this month.