My accountGet Surfshark
Research
Published:Jul 1, 2025

Digital democracy|Digital privacy

Car apps: the hidden data exchange

Car manufacturers are increasingly integrating smartphone apps into their vehicles, transforming the way drivers interact with their cars. These connected car apps offer a wide range of features, including remote locking and engine start, real-time diagnostics, navigation, and media control. Acting as an online bridge between the driver and the vehicle, these apps enhance convenience but also raise important questions about data privacy. To explore this, we analyzed the official apps of 10 well-known car manufacturers to understand what data they collect and the potential privacy risks for users.

Key insights

  • The most data-hungry car app is Mercedes-Benz, which collects 17 different data types, followed by BMW (14), Volkswagen (13), Toyota (12), Hyundai (12), Honda (11), and Ford (10). These seven apps share a common pattern in their data collection practices: they all collect users’ names, email addresses, phone numbers, user IDs, device IDs, product interaction data, and diagnostic data. Additionally, all except Ford also collect location data. This suggests that many leading automakers are building comprehensive user profiles through their apps, likely to enable and enhance a wide range of connected features. However, the collection of location data and personal identifiers raises important privacy concerns, particularly if users are not fully aware of how their information is being used and shared or the potential risks involved.
  • In contrast, Audi’s app stands out as the least data-hungry, as it does not collect any user data. Tesla and Nissan also collect relatively little information. Tesla gathers two diagnostic data types and one related to product interaction, while Nissan collects the same data types as Tesla, with the addition of the device ID. This suggests that these manufacturers may be adopting a more privacy-conscious approach, either by limiting the functionality of their apps or by intentionally designing them to operate with minimal data collection.
  • BMW is the only analyzed app that collects audio data and a list of contacts from the user’s phone, address book, or social graph. Meanwhile, the Volkswagen app is the only one that collects payment information, such as form of payment, payment card number, or bank account number¹.
  • Major data leaks have occurred in the automotive industry in the past, and the more information companies collect, the greater the potential risk if that data is compromised. For example, Toyota experienced a significant data breach² in 2024, exposing 240 GB of sensitive customer information, including names, email addresses, physical addresses, and vehicle data. Another data leak affecting 800,000 electric vehicles happened in 2025 to the German company Volkswagen Group. The data was stored in Amazon Cloud and included information on the cars’ location, battery levels, and engine activation and deactivation. The group that exposed the leak confirmed that the amassed data on the vehicles was easily accessible and could be matched to car owners’ personal data.³
  • In 2024, the global sales of the analyzed car brands totaled 38.1 million vehicles. Toyota led with 10.8 million units sold, followed by Ford (4.5M), Hyundai (4.1M), Honda (3.7M), Volkswagen (3.3M), Nissan (3.3M), BMW (2.5M), Mercedes-Benz (2.4M), Tesla (1.8M), and Audi (1.7M). Considering that most official car apps began appearing in the mid-2010s, there are now potentially tens of millions of car owners who could use these apps.

Methodology and sources

We identified 10 well-known car manufacturers to analyze their official connected car apps and assess their data collection practices. The selection includes Toyota, Volkswagen, Honda, Ford, Hyundai, Nissan, BMW, Mercedes-Benz, Audi, and Tesla. These manufacturers were chosen based on their global popularity, market presence, and availability of mobile apps. While no formal ranking was used, the list reflects a mix of traditional automakers and newer, tech-driven companies to provide a broad view of the industry. Our analysis focused on identifying the total number of data types collected by each app, as well as any outlier data types, such as audio recordings, contact lists, or payment information.

For the complete research material behind this study, visit here.

Data was collected from:

Apple (2025). App Store.

References:

¹ Apple. App privacy details on the App Store.² Bleeping Computer. Toyota confirms third-party data breach impacting customers.³ Europarl. Data leak affecting owners of Volkswagen Group electric vehicles.
The team behind this research:About us

Related articles:

Grindr and Bumble top the list of the most data-hungry dating apps
Digital privacy | Jun 19, 2025

Grindr and Bumble top the list of the most data-hungry dating apps

All analyzed popular dating apps collect your location, name, phone number, photos or videos, user and device IDs, purchase history, and other sensitive information.
Navigation apps track more than your route
Digital privacy | Jun 10, 2025

Navigation apps track more than your route

Google Maps is the most data-hungry navigation app, collecting 24 types of data, such as user identity, contacts, photos, audio data, and more. Waze and Maps.me have similar practices, gathering almost as much data.
GDPR fines for mishandling children’s data exceed €1 billion
Digital privacy | May 27, 2025

GDPR fines for mishandling children’s data exceed €1 billion

The most popular social media platforms fined nearly €4 billion for GDPR breaches, out of which more than €1 billion was for inadequate protection of children’s data.