Everyone wants your data. There’s a lot of money in selling or sharing the information that apps collect about you. That’s why tech companies leech data from your devices in exchange for whatever service they’re offering, and sometimes, collection happens without your consent. Some apps may surprise you. Why would a calendar app need access to your health data? Why does a calculator require your list of contacts? You might be surprised at the data some of the apps on your phone right now harvest this way.
The best way to know what you’re getting into before downloading an app is to look at the company’s privacy policy; you can usually find a link to a company’s privacy policy on an app’s landing page in the store or at the bottom of a company’s website. The next best way to learn about data collection is to take a glance at the app store’s privacy reports. It’s a good idea to ask yourself these questions and check out those documents before downloading and installing new apps on any device. If the answer doesn’t seem obvious, don’t download it.
With that in mind, let’s look at some of the most invasive apps that may be on your phone right now.
What Are the Most Invasive Apps?
The chart below is based on research conducted and reported by Marin Marinčić, the head of IT Infrastructure at Nsoft, a gaming and sportsbook platform. He examined app privacy reports in Apple’s App Store and compiled a list of data-hungry apps.
Keep in mind that companies self-report all of this information to Apple. That means companies could fail to mention some kinds of data collection or purposefully misclassify data collection to seem less invasive.
(Credit: NSoft/PCMag)
The apps I didn’t expect to see on the list are games (Candy Crush Saga, Roblox) and the language learning app Duolingo. Roblox claims it doesn’t share any data, and Candy Crush Saga reports that less than 10% of collected personal data goes to other companies. Duolingo shares a much larger percentage of data with others (20%), and the rest of the data appears to be used for analytics and functionality.
Invasive Apps Are Targeting Kids, Too
Some apps for younger audiences collect massive amounts of information, too. Earlier this year, the research team at SafetyDetectives, a cybersecurity news and review site, analyzed 20 popular apps for kids. The analysts found that all of the subscription apps in the study posed privacy risks, 70% of the apps collected identifying information, and more than half shared user/child data with third parties.
(Credit: SafetyDetectives/PCMag)
Among the biggest privacy offenders on the list were popular platforms like Reading Eggs, a popular literacy tool for kids that collects audio and photo data from kids’ devices and also uses customer data for ads and personalization features. ABCMouse, an early childhood learning app, not only collects device data but also shares that information with third parties. Plus, the SafetyDetectives research team flagged the service as being difficult to cancel or delete.
Parents should be wary of apps their kids ask to install on their devices. Check the privacy reports of any educational or entertainment-related apps you install on shared devices for your kids, or apps on devices owned by your children.
Which Apps Share the Most of Your Data?
Now let’s look at the least surprising inclusions on this list: Social media apps. Forming bonds online means voluntarily giving up massive amounts of personal information in return for likes and digital hugs. That’s why it’s no surprise that some social apps use more than 90% of customer data to perform basic functions such as messaging or discovering new contacts.
The social media apps on the list are LinkedIn, Snapchat, TikTok, X, and the famous Meta quartet: Facebook, Instagram, Messenger, and Threads. The Meta apps are particularly worrisome because they share the greatest percentage of data with third parties (68.6%).
(Credit: Canva/PCMag)
WhatsApp Business earned a spot on the list of invasive apps because it requires a lot of your personal information (57.1%) to function. It’s worth noting that WhatsApp Business is separate from WhatsApp, a private messaging service with end-to-end encryption (E2EE). Messages sent using WhatsApp Business do not use E2EE, which means Meta (or anyone else) could be reading or recording your correspondence.
Get Our Best Stories!
Stay Safe With the Latest Security News and Updates
Sign up for our SecurityWatch newsletter for our most important privacy and security stories delivered right to your inbox.
Sign up for our SecurityWatch newsletter for our most important privacy and security stories delivered right to your inbox.
By clicking Sign Me Up, you confirm you are 16+ and agree to our Terms of Use and Privacy Policy.
Thanks for signing up!
Your subscription has been confirmed. Keep an eye on your inbox!
Unsurprisingly, Amazon and YouTube are data hogs, too. The good news is that Amazon shares relatively little data (less than 6%) with third parties. The company also uses a little over a quarter of the personal data it collects about you to personalize your buying experience. YouTube shares a lot more data with outside companies (31.4%) and collects a lot of data for advertising purposes (34.3%).
YouTube is owned by Google, which has a heavy presence on the list. Gmail, Google, Google Maps, and Google Pay all made the top 20 invasive apps list. Worryingly, all of the Google-owned apps on the list (apart from Gmail) share lots of customer data with other companies.
Finance and video streaming apps are also on the list. PayPal made it to the seventh spot because it collects lots of data for “other purposes” (65.7%). I looked at the App Store to find out what the “other” data categories include, and it was pretty eye-opening. PayPal collects your browsing history, contact list, device ID, financial information, location, photos, search history, and videos.
(Credit: Incogni/PCMag)
According to recent research from data broker removal service Incogni, an app’s country of origin may also determine its level of data collection. For example, the research shows that apps developed by Chinese-owned companies, such as Alibaba, Temu, and TikTok, all collect sensitive information from users, including addresses or approximate locations. Online shopping giant Alibaba was the standout app from this study, as it collects a significant amount of information about its customers, including requests for access to users’ documents, files, phone numbers, photos, and videos.
Recommended by Our Editors
When Is Data Collection Acceptable?
Sometimes, you can’t get around data collection. Delivery, map, and weather apps all need to know your location to function. Looking at the list, it’s understandable to see ride-sharing or delivery apps such as Uber and Uber Eats. These apps require your location data to function. That said, why aren’t competitors like Lyft or DoorDash on the invasive apps list, too?
To find out, I compared the Lyft and Uber privacy reports. Uber uses slightly more specific customer information for tracking purposes than Lyft does. For example, while Lyft collects your email address, general location, name, payment info, phone number, purchase history, and search history, it doesn’t track you using your specific location data or physical address as Uber does. Both apps collect tons of information about you to keep track of your online activities. That’s why I recommend uninstalling the apps and using the browser-based versions the next time you need a ride.
Dating apps request a lot of information from you, too. Bumble and Tinder have spots on the latter half of the list. Your profile information, messages, photos, and videos are private data you voluntarily give to an app company in exchange for a chance at love (or a romance scam). This isn’t necessarily a bad thing, by the way. We all have our own paths to companionship. Just be aware that when you’re putting yourself “out there,” you’re not only wooing a potential date, you’re also joining a data portfolio.
Should You Delete These Apps Now?
The best way to prevent companies from taking your data is to remove invasive apps from your phone. Instead of downloading the standalone app on your device, use the browser versions of popular social media apps.
When you do download a new app, take a minute to scan the privacy reports in Apple’s App Store or Google’s Play Store. If you’re using an Android or iOS device, access the reports by opening the app store, searching for an app, and then scrolling to the Privacy section. Tap See Details to get a full rundown of what kinds of data companies are taking from you and how that data will be used.
If you haven’t deleted any apps from your phone in a while, consider using the next five minutes to remove any apps you haven’t used in the past month. There’s no good reason to allow apps to monitor your browsing habits, collect your photos and videos for AI training, or log all your messages and notes.
If you can’t remember the last time you used an app, maybe it’s time to delete it. If you need it later, it’ll still be in the app store, waiting for you—and your data.
About Our Expert
Kim Key
Senior Writer, Security
Experience
I review privacy tools like hardware security keys, password managers, private messaging apps and ad-blocking software. I also report on online scams and offer advice to families and individuals about staying safe on the internet. Before joining PCMag, I wrote about tech and video games for CNN, Fanbyte, Mashable, The New York Times, and TechRadar. I also worked at CNN International, where I did field producing and reporting on sports that are popular with worldwide audiences.
In addition to the below categories, I also exclusively cover adblockers, authenticator apps, hardware security keys, and private messaging apps.