jayJay-Z’s new album ‘Magna Carta Holy Grail’ is available to buy and stream today in the UK, but some Samsung device owners got early access for free via the handset-maker’s $5m sponsorship deal.

The app used to deliver the album has been coming in for heavy criticism over its privacy policy, though: “positively PRISM-like in its requests for your information” as Ars Technica puts it.

The app asked fans for permission not just to download the album files, but also to track their location, phone status and identify (i.e. who they’re talking to on voice calls), and the accounts they’ve set up on the device. In the run-up to the release, fans also had to sign in with their Facebook or Twitter accounts, with lyrics exchanged for status updates or tweets.

Some of Jay-Z’s peers weren’t impressed: rapper Killer Mike tweeted a screenshot of the privacy permission requests screen and noted “I read this and……. ‘Naw I’m cool’,” while producer Diplo tweeted tongue-in-cheek that “i wanna get this free jay thing but i dont want to put that app on my phone jay z might be spying on me”.

Happily, fans could choose not to install the app, and simply wait for the album’s release to buy or stream it. Or, indeed, turn to piracy to get the album, since the DRM-free files distributed through the app immediately turned up on torrent sites.

TorrentFreak estimated that 200k copies were downloaded in the first day after the Samsung release alone through torrent sites. That would have happened however the album had leaked, and it’s still likely to do a ton of sales and streams.

But if you think about the brands involved – Jay-Z as well as Samsung – the app’s privacy overreach is the longer-term concern. And a reminder that just because you can collect certain kinds of data from apps, doesn’t mean you should.