A new study performed by researchers at Northeastern University with some help from UC Santa Barbara offers reassuring evidence that most smartphone apps aren’t stealthily snooping on the people who use them. But those that do — look out.

“From a set of 17,260 apps, we uncovered few instances of covert recording (i.e. apps taking pictures or videos without users intentionally doing so),” the study authors wrote.

“On the one hand, this is good news: a very large fraction of apps are not abusing the ability to record media,” the study said. “On the other hand, it could also indicate that our analysis missed other cases of media leaks.”

The study, which was first reported by Gizmodo, only focused on Android apps, while future research will look at iOS app permissions as well as mobile-app interactions with Internet-of-things devices.

“Taken together, our study reveals several alarming privacy risks in the Android app ecosystem,” the study said. For instance, food delivery app GoPuff and mobile beta-testing platform TestFairy were singled out as leaking video or screenshots, although it was unclear whether the leaks were inadvertent or nefarious.

Other sub-par practices noted by the researchers included photo-editing apps that processed images in the cloud without notifying users about it in privacy policies and apps that request permissions that they didn’t use, opening the door to third-party code that could exploit the generous permissions.

All that said, the authors cautioned that more work needs to be done to make the paper’s conclusion more definitive.