Log in
Get Surfshark
Research
Smart Home
Insights
Methodology

Methodology

We analyzed a total of 290 apps connecting to over 400 IoT (Internet of Things) smart home devices.

We selected apps from 64 device types, ranging from security cameras to robot vacuum cleaners. We chose apps mentioned in articles at the top of search results for the keyword "the most popular IoT X device," where X represents the specific type of device.

Once we had the list of devices and apps they are connected to, we gathered each app's data collection information from its Apple App Store page. The data was collected on February 26, 2024.

The App Store lists 32 unique data points that can be collected across 12 categories. We analyzed this data set according to the three layers of collected data points: unique data points collected, the number of data linked to the user, and data used to track the user.

To rank the most data-hungry apps, we sorted them in this order: unique data points collected, the number of data points used for tracking, data points linked to the user, and data points not linked to the user.

Study limitations: with the first iteration of the study, we analyzed only iOS apps. In future updates, we aim to add Android apps as well.

According to Apple, there are three ways how the collected data points may be handled:

  • It may be used to track users;
  • It may be linked to users;
  • It may not be linked to users.

Tracking means connecting or associating data gathered from the app about a specific user or device (like a user ID or device ID) with information from sources outside the said app (such as a third-party advertising network). Tracking is mainly used for targeted ads or measuring purposes in advertising. Also, this data could be shared with data brokers (companies that collect and sell personal information).

Linking is when a service provider associates the collected data with the user’s identity. As per Apple, “data collected from an app is often linked to the user’s identity unless specific privacy protections are put in place before collection to de-identify or anonymize it.”

Also, “personal information” or “personal data,” as defined in relevant privacy laws, is usually linked to the user’s identity by default.

We gathered our data from Apple (2024). App Store.

For the complete research material behind this study, visit here.

Yes, you should be able to turn off the tracking option.

If you have iOS 14.5 or a newer version, apps have to get your permission to track data on apps, websites, and other locations owned by third parties. You can select the Ask App Not to Track option or allow the tracking.

We added only those devices that could be found on the Apple App Store. In addition, the apps were selected in March 2023. This means some well-known devices might not have been popular then.

However, if you have specific apps you're interested in, contact us at media@surfshark.com, and we'll add them to the next project update.

All data points and their definitions are taken from the official Apple App Store website. You can click here to find the original table.

Contact info
Name
Such as first or last name
Email address
Including but not limited to a hashed email address
Phone number
Including but not limited to a hashed phone number
Physical address
Such as home address, physical address, or mailing address
Other user contact info
Any other information that can be used to contact the user outside the app
Health & fitness
Health
Health and medical data, including but not limited to data from the Clinical Health Records API, HealthKit API, MovementDisorderAPIs, or health-related human subject research or any other user provided health or medical data
Fitness
Fitness and exercise data, including but not limited to the Motion and Fitness API
Financial info
Payment info
Such as form of payment, payment card number, or bank account number. If your app uses a payment service, the payment information is entered outside your app, and you as the developer never have access to the payment information, it is not collected and does not need to be disclosed
Credit info
Such as credit score
Other financial info
Such as salary, income, assets, debts, or any other financial information
Location
Precise location
Information that describes the location of a user or device with the same or greater resolution as a latitude and longitude with three or more decimal places
Coarse location
Information that describes the location of a user or device with lower resolution than a latitude and longitude with three or more decimal places, such as Approximate Location Services
Sensitive info
Sensitive info
Such as racial or ethnic data, sexual orientation, pregnancy or childbirth information, disability, religious or philosophical beliefs, trade union membership, political opinion, genetic information, or biometric data
Contacts
Contacts
Such as a list of contacts on the user’s phone, address book, or social graph
User content
Emails or text messages
Including subject line, sender, recipients, and contents of the email or message
Photos or videos
The user’s photos or videos
Audio data
The user’s voice or sound recordings
Gameplay content
Such as saved games, multiplayer matching or gameplay logic, or user-generated content in-game
Customer support
Data generated by the user during a customer support request
Other user content
Any other user-generated content
Browsing history
Browsing history
Information about content the user has viewed that is not part of the app, such as websites
Search history
Search history
Information about searches performed in the app
Identifiers
User ID
Such as screen name, handle, account ID, assigned user ID, customer number, or other user- or account-level ID that can be used to identify a particular user or account
Device ID
Such as the device’s advertising identifier, or other device-level ID
Purchases
Purchases history
An account’s or individual’s purchases or purchase tendencies
Usage data
Product interaction
Such as app launches, taps, clicks, scrolling information, music-listening data, video views, saved place in a game, video, or song, or other information about how the user interacts with the app
Advertising data
Such as information about the advertisements the user has seen
Other usage data
Any other data about user activity in the app
Diagnostics
Crash data
Such as crash logs
Performance data
Such as launch time, hang rate, or energy use
Other diagnostic data
Any other data collected for the purposes of measuring technical diagnostics related to the app
Other data
Other data types
Any other data types not mentioned

Get in touch

Reach out for any inquiries, feedback, or suggestions regarding our work.

media@surfshark.com
Copied!