Uncovering the Apps That Actually Respect Your Privacy
Ever wonder how free apps make their money?
When you download a payment-free app from the Apple Store, the app creators have your attention AND your data, and some sell the latter on to advertisers or other data brokers. An Oxford University study found that the average app can transfer your data to 10 third-party companies, and companies can use data such as your habits, location, and the other apps on your phone, to draw a convincing profile of who you are.
With Apple unleashing its ‘nutrition label’-style Privacy Labels, Surfshark has combed through the privacy policies of over 200 apps to find out which collect the most data and which collect the least.
See any of your favorites on the list?
- On average, social media apps and food delivery apps collect the most data.
- Browsers and image editing apps collect the least.
- The 3 most data-hungry apps are all owned by Facebook: Facebook, Instagram, and Messenger.
- The least data-hungry apps tend to be developed specifically with privacy in mind.
- In general, the most popular apps (i.e., the ones with the most downloads) tend to collect private data across the largest number of categories.
Alternate Apps That Require Less Data
We compared privacy policies based on the 32 types of data that the Apple Store flags through their “nutrition label” initiative. Each colored square represents one type of data that each app collects. For example, Popcornflix harvests two types of Contact Info (name and email), one type of Location Info, one type of Identifier (device ID), and one type of Usage Data (product interaction).
Five of these apps don’t collect any data from their users (at least, not any that they were required to disclose to the Apple Store). These include navigation app InRoute and personal finance organizer Mvelopes. We found two more data-free apps in our study, Pixelmator (image editing) and Dust (messaging), which don’t appear on this table as there is already a zero-data app from their category.
How do apps generate income without selling their user’s data? Some, such as the image editor Pixelmator, charge a small fee upfront. Others, such as Cisco Webex Meetings, offer both free and premium versions (aka freemium.) Following another popular pricing strategy, Mvelopes suggests in-app purchases.
Which App Categories Demand the Most Data?
Social media apps share secrets, while the food delivery category is a data glutton. Both categories tracked an average of 20 out of 32 possible data types. Shopping (18 types of data), Dating (16 types), and Payments (15 types) round out the top five categories.
Browsers and imaging apps occupy the low end of the scale, each tracking six categories of data. Many ‘alternative’ browsers such as Brave and DuckDuckGo focus on privacy as their selling point. Their creators deliberately developed them not to track as much data as their better-known browsers like Google Chrome.
Privacy Tool: Find the Best App for Your Needs
Surfshark has compiled an interactive table to help you find the least data-hungry app for your needs. Select the category of app you are looking for (weather, dating, finance, etc.) and toggle the results based on what type of data you are willing to share
The Most and Least Hungry Apps for Everything
Some apps are hungrier than others, even within each app category. Surfshark has stacked up the data types required by the most popular apps for each purpose to show all the alternatives at a glance.
The big three—Gmail, Outlook, and Yahoo Mail—are all data hogs, with Gmail demanding 19 data types. There are no download numbers for Apple Mail, which requires just Name, Email, User ID, and one type of usage data (Product Interaction). Spike only takes 3 data segments: User and Device ID, and Product Interaction.
Messaging & Video Calls
Messaging apps may be where we share our most complex and useful data about who we are and what we want. Most messaging apps harvest multiple data types. Facebook Messenger, for instance, tracks 32 out of 32 possible data categories. However, three apps studied were designed with privacy in mind: Cisco Webex (0 data types), Dust (0), and Signal (1).
Social media is the doorway to the internet for many, and it encompasses many of the functions offered by other app types (shopping, messaging, etc.), making its data uniquely valuable. It is also tough to quit, a fact that Facebook and its property Instagram take advantage of, demanding all 32 data types for both apps.
Google’s video player, YouTube, leads the pack with 24 data types, but just try getting through a week without landing on YouTube. Art and indie film streaming apps Mubi and Kanopy offer a low-intrusion experience. Big boys Netflix, Hulu, and HBO Max are all mid-range, with 11-13 data types.
On average, browsers are quite privacy-conscious. ‘Alternative’ browsers are often designed with data privacy in mind. However, big players Chrome and Bing each track nearly half of all possible data types. Cake - despite advertising itself as a more private browser - does the same.
Paypal has long been at the heart of the online retail ecosystem. The payment app collects 26 data types, followed closely by Venmo with 21. MoneyGram is a leaner alternative, collecting 8 types of browser data through its website, but not through its iOS app.
It’s tough to resist the might of Amazon, even if it collects a whopping 26 data types. While this is the highest in the shopping category, it is not an unusual feature: over a third of shopping apps collect information in 20 or more categories.
Only three food delivery apps collect fewer than 19 types of data, and none collect fewer than 13 types. Doordash and Caviar are real gluttons, each chomping up 24 data types (both of these companies use Doordash’s technology). Food apps tend to require search history access, which may help them learn what you really want to eat tonight.
Most flight Booking apps collect between 11 and 16 data segments, but Priceline soars ahead with 23. This data-intensive industry has come under scrutiny after mixed reports that your search history may affect the flight prices you are offered.
Seven of the 12 GPS Navigators studied collect fewer than 10 types of data. But Maps.me and Waze stand out, requiring 20 and 21 types, respectively. GoogleMaps was not studied; at the time of our research, it was still in the process of complying with Apple’s new privacy labeling.
Dating is supposed to be personal. However, none of the top dating apps collect fewer than 11 data types. Four apps collect more than 20. It is worth noting that one company, Match Group, owns Tinder, PlentyOfFish, OkCupid, and Match, but each requires different types of data.
Perhaps the only more sensitive data than dating or finance is health. So perhaps it is surprising that most period trackers are in the double-digits for data collection. Magic Girl was the most anonymous period tracker in our study, requiring only Device ID and Advertising Data.
Pregnancy trackers are on a par with period trackers for personal data requirements. Glow Nurture is “powered by data” and includes social media functionality, coming with 19 privacy labels. Sprout, Baby Bump, and Pregnancy App are all minimally intrusive, while Hello Belly only tracks the user’s name.
Only two kids’ apps collect more than 10 data types: Facebook Messenger Kids and YouTube Kids. However, there are no top apps in our study that kids can use with full anonymity. Studies have found that app developers may be flouting child privacy law, so it is important for parents and children to have an engaged relationship with their online privacy rights and not defer blindly to companies’ claims.
Mint is the most downloaded personal finance app by some margin, and it’s also the greediest for your data. However, some of this activity is used to connect your different accounts to make the app functional. Most financial apps in our study are more discreet, with Mvelopes and Monefy built for privacy – although, in the case of Monefy, this may limit what it is capable of doing.
The most popular cryptocurrency app, Binance, only tracks 4 data segments. This defies a general trend where the most popular app in each category is often the most data-hungry (i.e., Chrome, Gmail, Amazon Shopping, Facebook). However, the second-most-popular crypto app – Coinbase - tracks 18 types. The least data-hungry crypto app - Crypto Pro – asks only for User ID.
The most and least data-hungry apps only have a difference of eight data types between them and are relatively modest in their requirements. However, it’s hard to see why Weather Underground needs 13 types of data, location notwithstanding. CARROT Weather is the least intensive; however, you have to put up with jokes.
Image editors tend not to be intrusive. In fact, two of these apps (TouchRetouch and Pixelmator) don’t need any Privacy Label. VSCO is the biggest hitter, with 18 types. In fact, VSCO conducted its own internal audit to make sense of the swathes of user data they were harvesting – much of it intended to inspire improvements to the app.
What the App Ecosystem Knows About You
Everyone would like their private data to remain private, but it takes effort to overcome the momentum of existing habits. After all, nutrition labels have informed people what’s in their food for half a century, but most still eat more junk food than they intend.
More and more, data is used to power not just advertising but infrastructure. It’ll be hard to opt out when self-driving cars on the roads are regulated by live data, for example. But if it may be near-impossible to function in the modern world without leaving a data trail, this just puts greater emphasis on the need to be informed and apply critical thinking to your participation in the data society.
‘Tech oracle’ Jaron Lanier goes so far as to suggest we should charge Facebook et al. a fee for the data they harvest from us. At the very least, this would highlight the true value of our data – and make developers think twice before demanding it.
Prevent data tracking
Apps collect the information you “willingly” share with them. Most often, however, you won’t be able to use apps without giving them access to your data. This is what makes them different from the general website tracking that people can prevent by downloading and using software like VPNs. If you wish to prevent apps from tracking your data, you can do one of three things:
- Input fake data about yourself.
- File a request under GDPR to delete your data after you’re done using the service (only works if you’re from Europe).
- Don’t use the app.
Methodology & Sources
We made a comprehensive list of apps from a variety of categories using different sources, including tech publications such as CNET, personal finance sites such as The Simple Dollar, health information sites like Healthline, and app popularity ratings on AppFigures.
We checked the Privacy Details section of each one on the Apple App Store to see what segments of data it collects from users. We color-coded the segments according to the type of data, which includes the likes of location, financing information, personal identifiers, and search history.
The most and least data-hungry apps were determined based on the total count of data segments collected by each app. If apps were tied to the number of segments, those collecting data across more categories were deemed more data-hungry.