Santa may know if you have been naught or nice, but that's nothing compared to the amount of information Walgreens and Target collects from its shopping app users.

Filip Chytry, at the avast! Blog, called Walgreens the winner when it came to collecting unnecessary customer information.

“The Walgreens app not only requests permissions that are completely unnecessary for its app to function, but also requests more permissions than any of the other retail apps we looked at,” he wrote, adding some of the permissions included, modifying or deleting the contents of attached USB storage devices along with controlling the the camera, microphone.

Walgreen's spokesperson Mailee Garcia countered saying the permissions are needed by the app.

"All permissions associated with our app have, in fact, been implemented to provide the services we currently make available to our customers.  For example, these include our Refill by Scan feature, which requires a smartphone camera; telehealth services and consultations, which require a microphone; store locator features, which require location permissions; and connection of personal fitness devices, which require  Bluetooth. Any suggestion that our app's permissions are unrelated to its purpose are inaccurate," she said in an email to Friday.

For Target he found it's Application Program Interface is easily accessed by a third party giving anyone insight into buying habits along with some basic contact information.

“Now imagine what could happen if this valuable customer data landed in the wrong hands. The ways this data could be misused are far and wide,” he wrote.

UPDATED: Mailee Garcia of Walgreen's commented for the story.