Everyone wants your data. And why not? There’s a lot of money in selling or sharing the information apps collect about you. App companies leech data from your devices in exchange for whatever free service they’re offering, and sometimes, collection happens without your consent.
The best way to know what you’re getting into before downloading an app is to look at the company’s privacy policy. Check out my privacy policy reading guide to help you parse all that jargon. You can usually find a link to the privacy policy on the app’s landing page in the app store or at the bottom of a company’s website. The next best way to learn about an app’s data collection beforehand is to read each company’s privacy reports in the app stores.
Some apps may surprise you. For example, why would a calendar app need access to the health data on your phone? Why would a calculator require your list of contacts? It’s a good idea to ask yourself these questions before downloading any new apps. If the answer doesn’t seem obvious, don’t download the app. With that in mind, let’s look at some of the most invasive apps that may be on your phone right now.
Identifying the Most Invasive Apps
The chart below is based on research conducted and reported by Marin Marinčić, the head of IT Infrastructure at Nsoft, a gaming and sportsbook platform. He examined the app privacy reports in the App Store and compiled a list of data-hungry apps.
Keep in mind that companies self-report all of this information to Apple. That means companies could fail to mention some kinds of data collection or purposefully misclassify data collection to seem less invasive.
(Credit: NSoft)
The apps I didn’t expect to see on the list are games (Candy Crush Saga, Roblox) and language learning app Duolingo. Thankfully, the two apps that serve younger audiences claim to share little to no personal data with third parties. Roblox claims it doesn’t share any data, and Candy Crush Saga reports less than 10% of collected personal data goes to other companies. Duolingo shares a much larger percentage of data with others (20%), and the rest of the data appears to be used for analytics and functionality.
Invasive Apps Need Your Data to Function
Now let’s look at the least surprising inclusions on this list: Social media apps. Forming bonds online means voluntarily giving up massive amounts of personal information in return for likes and digital hugs. That’s why it’s no surprise that some social apps use more than 90% of customer data to perform basic functions such as messaging or discovering new contacts.
The social media apps on the list are LinkedIn, Snapchat, TikTok, X, and the famous Meta quartet: Facebook, Instagram, Messenger, and Threads. The Meta apps are particularly worrisome because they share the greatest percentage of data with third parties (68.6%). In the wake of the TikTok ban, you can read my research about the types of data social media apps collect.
(Credit: Canva/Kim Key)
WhatsApp Business earned a spot on the list of invasive apps because it requires a lot of your personal information (57.1%) to function. It’s worth noting that WhatsApp Business is separate from WhatsApp, a private messaging service with end-to-end encryption (E2EE). Messages sent using WhatsApp Business do not use E2EE, which means Meta (or anyone else) could be reading or recording your correspondence.
Big Tech Has A Massive Data Appetite
Unsurprisingly, Amazon and YouTube are data hogs, too. The good news is that Amazon shares relatively little data (less than 6%) with third parties. The company also uses a little over a quarter of the personal data it collects about you to personalize your buying experience. YouTube shares a lot more data with outside companies (31.4%) and collects a lot of data for advertising purposes (34.3%).
YouTube is owned by Google, which has a heavy presence on the list. Gmail, Google, Google Maps, and Google Pay all made the top 20 invasive apps list. Worryingly, all of the Google-owned apps on the list (apart from Gmail) share lots of customer data with other companies.
Finance and video-streaming apps are also on the list. PayPal made it to the seventh spot on the list because it collects lots of data for “other purposes” (65.7%). I looked at the App Store to find out what the “Other” data categories include, and it was pretty eye-opening. PayPal collects your browsing history, contact list, device ID, financial information, location, photos, search history, and videos.
When Is Data Collection Excessive?
Sometimes, you can’t get around data collection. Delivery, map, and weather apps all need to know your location to function. Looking at the list, it’s understandable that I’d see ride-sharing or delivery apps such as Uber and Uber Eats. These apps require your location data to function. That said, why aren’t competitors like Lyft or Doordash on the invasive apps list, too?
To find out, I compared the Lyft and Uber privacy reports. Uber uses slightly more specific customer information for tracking purposes than Lyft does. For example, while Lyft collects your email address, general location, name, payment info, phone number, purchase history, and search history, it doesn’t track you using your specific location data or physical address as Uber does. Both apps collect tons of information about you to keep track of your online activities. That’s why I recommend uninstalling the apps and using the browser-based versions the next time you need a ride.
Recommended by Our Editors
Dating apps request a lot of information from you, too. Bumble and Tinder have spots on the latter half of the list. Your profile information, messages, photos, and videos are private data you voluntarily give to an app company in exchange for a chance at love (or a romance scam). This isn’t necessarily a bad thing, by the way. We all have our own paths to companionship. Just be aware that when you’re putting yourself “out there” you’re not only wooing a potential date, you’re also joining a data portfolio.
How to Stop Apps From Siphoning Personal Information
The best way to prevent companies from taking your data is to remove invasive apps from your phone. Instead of downloading the standalone app on your device, use the browser versions of popular social media apps.
When you do download a new app, take a minute to scan the privacy reports in the App Store or Google’s Play Store. If you’re using an Android or iOS device, access the reports by opening the app store, searching for an app, and then scrolling to the Privacy section. Tap See Details to get a full rundown of what kinds of data companies are taking from you and how that data will be used.
If you haven’t deleted any apps from your phone in a while, consider using the next five minutes to remove any apps you haven’t used in the past month. There’s no good reason to allow apps to monitor your browsing habits, collect your photos and videos for AI training, or log all your messages and notes.
If you can’t remember the last time you used an app, maybe it’s time to delete it. If you find that you need it later, it’ll still be in the app store, just waiting for you and your data. (Unless that app is TikTok, for now.)
Next, I recommend checking out our toolkit for shoring up your online security and doing a periodic privacy and security checkup for your family’s devices using our cybersecurity checklist as a guide. To learn how to stay anonymous online, read our guide to disappearing on the internet.
Like What You’re Reading?
This newsletter may contain advertising, deals, or affiliate links.
By clicking the button, you confirm you are 16+ and agree to our
Terms of Use and
Privacy Policy.
You may unsubscribe from the newsletters at any time.
About Kim Key
Senior Security Analyst
