Digital democracy|Digital privacy

The three most data-hungry mobile browsers: one even collects your personal chats

Would you be comfortable publicly sharing your home address, real-time location, browsing history, or details about your purchases and transactions? Probably not. Yet for users of the most privacy-risky mobile browsers, this may be only a small portion of the data collected, with one browser even gathering the contents of personal chats.

In this study, we analyzed Google Play Store privacy disclosures to see what the most popular mobile browsers reveal about their data collection practices.

How much of your data are mobile browsers collecting?

Our review of data collection practices among 15 of the most popular mobile browsers and Play Store privacy policy pages reveals that the three browsers with the highest privacy risk are Yandex, Microsoft Edge, and Google Chrome. The Play Store privacy policies show that Yandex collects 25 out of a possible 38 data types, while Microsoft Edge collects 20, and Google Chrome collects 19. In our previous review¹ of App Store privacy policies, the results showed Google Chrome collected the most data. However, our latest analysis of Google Play Store disclosures shows that Microsoft Edge now collects more data, surpassing Chrome. Additionally, this study includes a broader and more relevant set of popular browsers.

All three mobile browsers collect data across a wide range of categories, including app activity, app info and performance, audio, device or other IDs, financial information, photos and videos, personal information, and web browsing history. Additionally, both Google Chrome and Yandex collect location data. Microsoft Edge and Yandex also collect contacts, as well as files and documents. Notably, Yandex is the only browser among all the analyzed that collects in-app messages, which could include users’ personal chats.

The most privacy-friendly browsers are Brave, Tor, and Mi Browser. Their Play Store privacy pages state that they do not collect any user data. Samsung Internet, Ecosia, and DuckDuckGo also appear relatively privacy-conscious, each collecting only a limited number of data types, such as app interactions or crash logs. However, Ecosia additionally collects users’ email addresses and phone numbers, while Samsung Internet collects device or other IDs. Despite these minor differences, these browsers still collect considerably less data than the highest privacy risk browsers.

Browsers such as Phoenix and Opera collect a relatively high amount of user data compared to privacy-focused browsers, with Phoenix gathering 13 data types and Opera 9. Other browsers, including Firefox, Safari, Aloha, and UC Browser, are somewhat more restrained, each collecting between six and eight data types. In this Surfshark blog post², Mozilla Firefox is also highlighted as one of the best browsers for privacy, largely due to its long-standing focus on user privacy and its operation under the non-profit Mozilla Foundation.

For a full breakdown of these mobile browsers’ data collection practices, please refer to the visual below.

For what purposes do mobile browsers collect your data?

Understanding why mobile browsers collect user data is just as important as knowing what data they collect. The Play Store lists seven main purposes for data collection³, each with different implications for user privacy.

Account management: data is used to create accounts, log into the app, and for general account management. Seven out of 15 analyzed mobile browsers collect data for this purpose:

Advertising or marketing: data is used to display or target ads or marketing communications, or to share data with advertising partners. Five out of 15 mobile browsers collect data for this purpose: Yandex collects 7 data types; Phoenix collects 3; Microsoft Edge and Opera each collect 2; and Firefox collects 1.

App functionality: data is used for features that are available in the app. Twelve out of 15 mobile browsers collect data for this purpose: Google Chrome collects 16 data types; Microsoft Edge collects 15; Yandex collects 12; Phoenix collects 7; Firefox collects 6; Safari collects 4; DuckDuckGo, Ecosia, Samsung Internet, and UC Browser each collect 2; Aloha and Opera each collect 1.

Analytics: used to collect data about how you use the app or how it performs. Eleven out of 15 mobile browsers collect data for this purpose: Yandex collects 14 data types; Google Chrome collects 12; Phoenix collects 11; Opera collects 8; Safari and Microsoft Edge each collect 5; Firefox, UC Browser, and DuckDuckGo each collect 4; and Ecosia and Aloha each collect 2.

Developer communications: data is used to send news or notifications about the app or the developer. Three out of 15 mobile browsers collect data for this purpose: Google Chrome, Aloha, and Phoenix each collect 1 data type.

Fraud prevention, security, and compliance: data is used for fraud prevention, security, or compliance with laws. Five out of 15 mobile browsers collect data for this purpose: Yandex collects 7 data types; Google Chrome collects 5; Firefox collects 2; and Microsoft Edge and Opera each collect 1.

Personalization: data is used to customize your app, such as showing recommended content or suggestions. Eight out of 15 mobile browsers collect data for this purpose: Phoenix and Yandex each collect 8 data types; Google Chrome collects 6; Opera, Safari, and UC Browser each collect 2; and Firefox and Microsoft Edge each collect 1.

Data sharing with third parties

In addition to collecting user data, some mobile browsers also share this information with third parties, introducing additional privacy risks. When your data is transmitted beyond the original service provider, it may be used for purposes such as targeted advertising or analytics. Often, this occurs with less transparency and control for the user, which can result in issues such as unwanted profiling, increased exposure in the event of data breaches, and an overall decline in user privacy.

Our research reveals that five out of 15 popular mobile browsers share user data with third parties:

• Phoenix: device or other IDs, app interactions, crash logs, diagnostics, and other app performance data;
• Microsoft Edge: precise location, approximate location, and user IDs;
• Aloha: precise location, approximate location, and crash logs;
• Opera: device or other IDs;
• Yandex: user payment information.

Considering that these five browsers share your data with third parties, it is important to review privacy policies and take these practices into account when selecting a browser that meets your privacy needs.

Agentic AI browsers

Recent advances in artificial intelligence have given rise to a new category of web browsers known as agentic AI browsers. Unlike traditional browsers that primarily display content, agentic AI browsers are designed to actively assist users with their browsing tasks. Powered by integrated AI agents, these browsers can organize your tabs, draft emails, summarize news from multiple outlets, or even make purchases online on behalf of the user.

Two of the most popular agentic AI browsers are ChatGPT’s Atlas and Perplexity’s Comet⁴. Although released in October 2025, Atlas is not yet available for download on the Google Play Store as of now. In contrast, Perplexity’s Comet browser, launched in July 2025, offers similar AI-driven assistance and is already available on the Play Store, allowing Android users to access its features directly.

When it comes to privacy, we analyzed both the ChatGPT app and Perplexity’s Comet app, since Atlas was not available on the Play Store. Comet collects 14 different data types, while ChatGPT collects 10. Both apps also share device or other ID information with third parties. Comet gathers information such as web browsing history, email addresses, app interactions, precise location, and performance data. ChatGPT collects user-generated content, app interactions, email addresses, names, and performance data. The scope of data collection makes agentic AI browsers a less suitable choice for privacy-conscious users compared to other, more privacy-focused alternatives.

Mobile browser market share

Research shows that three browsers account for 94% of the global mobile browser market share. Chrome leads with 68.5%, followed by Safari at 22%, and Samsung Internet at 3.5%.

Chrome holds the largest market share in 154 out of 160 analyzed countries, often exceeding 50%, and is surpassed only by Safari in a handful of high-income countries. These include the United States, Canada, Denmark, Norway, Sweden, and Switzerland.

Samsung Internet has the largest market share in South Korea at 25.5%, which aligns with Samsung's home market advantage. Additionally, Samsung Internet ranks among the top five browsers in all analyzed countries and secures third place among 115 of them, trailing only Chrome and Safari.

While Chrome, Safari, and Samsung Internet dominate globally, some browsers have acquired major market shares in specific regions. Opera performs particularly well in African markets, capturing 30.5% in Nigeria and 24% in Kenya. In fact, Opera’s 10 largest market shares are all found in Africa. Yandex Browser holds a strong position in Russia at 17.8%. Meanwhile, Edge has its highest market shares in several Asian countries, including China, Taiwan, Hong Kong, and Japan.

Browser privacy risks across countries

We wanted to find out which countries have the lowest and highest privacy risks, depending on the browsers their populations use. To do this, we assigned each analyzed browser a privacy risk score based on the amount of data it collects and shares. We then calculated a country-level privacy risk profile by combining these scores according to the mobile browser market share in each of the 160 countries we analyzed. The higher the score, the more the country’s population tends to use data-hungry browsers.

The results show that people in Norway, South Korea, Sweden, Switzerland, Denmark, Canada, the US, and Taiwan use, on average, the most privacy-friendly browsers.

A closer look by region reveals:

Europe: Lowest privacy risk: Norway, Sweden, Switzerland, and Denmark. Highest privacy risk: Russia, Hungary, Bulgaria, and Serbia.

North America: Lowest privacy risk: Canada, the US, Puerto Rico, and Jamaica. Highest privacy risk: Cuba, Mexico, Nicaragua, and Haiti.

Asia: Lowest privacy risk: South Korea, Taiwan, Japan, and Bahrain. Highest privacy risk: the Philippines, Myanmar, India, and Bangladesh.

Oceania: Lowest privacy risk: Australia and New Zealand. Highest privacy risk: Papua New Guinea.

South America: Lowest privacy risk: Uruguay, Colombia, Chile, and Paraguay. Highest privacy risk: Venezuela, Bolivia, Peru, and Brazil.

Africa: Lowest privacy risk: Nigeria, Ghana, Mauritania, and South Africa. Highest privacy risk: Ethiopia, Mozambique, Madagascar, and Burkina Faso.

Overall, Europe stands out as the most privacy-friendly continent, with the lowest average privacy risk scores, while Africa and South America have the highest scores. North America, Asia, and Oceania fall in the middle range.

For the full privacy risk scores of all countries, see the map below.

How does excessive data collection affect you?

The more data a browser collects, the less private your online life becomes. When you consent to share your data, you lose control over how it’s used. Your browsing habits and interests can reveal highly sensitive details, such as health concerns, financial status, political views, or personal struggles. This information may be stored, shared, or sold to third parties, often without clear visibility into who ultimately has access to it.

The consequences are worrying. Collected data allows companies to create a digital profile of you, predict your behavior, and make decisions such as showing you different prices⁵, ads, or offers.

Your personal data allows companies to tailor content and ads. Without even realizing it, you might encounter certain ideas, products, or opinions and make your decisions based on them.

Ultimately, the uncontrolled sharing of personal data can lead to serious security risks. If a company suffers a breach or mishandles data, there’s a high chance your information could be leaked or exposed. According to IBM, personal data that can identify individual customers was the most commonly compromised type of information in data breaches in 2025.⁶

How to treat your data safely

Here are Surfshark’s tips for sharing less personal data and protecting what you choose to share:

• Share only what’s necessary. Provide the minimum information your mobile browser needs to function, and avoid apps that request excessive data;
• Review app permissions regularly. Don’t allow access to precise location, personal content, financial details, contacts, or your camera unless it’s truly needed;
• Use strong, unique passwords. Avoid reusing passwords across apps, and consider using a password manager to keep them secure;
• Enable two-factor authentication (2FA). This adds an extra layer of protection to your accounts;
• Keep your browser up to date. Updates often include important security fixes and privacy improvements;
• Check for data leaks if you’re unsure. Use tools like Surfshark Alert to monitor whether your personal information has been exposed.

Methodology and sources

For this study, we selected 15 popular mobile browsers and analyzed their privacy policy pages on the Google Play Store. We examined how many data types each browser collects, how many of those data types are shared with third parties, and the stated purposes for collecting this data. Data for Safari was collected from the Apple App Store and cross-referenced with data from the Google Play Store, since Safari is not available on the Play Store.

We also reviewed the same policies for two agentic AI browsers: OpenAI Atlas and Perplexity Comet. Since Atlas is not yet released on mobile, we examined the data collection practices of the ChatGPT app instead.

Additionally, we identified the top five browsers used in each of the 160 countries analyzed. We created a browser privacy risk score using the following formula: total data types collected plus data types shared with third parties. For each country, we multiplied the privacy risk score of each top browser by its usage share, then divided by the total usage percentage of the top five browsers in that country. This adjustment accounts for browsers that were not included in our study.

For example, if a country’s mobile browser market share is 80% Chrome, 15% Safari, and 5% Samsung Internet, the country’s privacy risk score would be calculated as follows: (0.8 × 19 [Chrome’s privacy score]) + (0.15 × 8 [Safari’s privacy score]) + (0.05 × 2 [Samsung Internet’s privacy score]) = 16.5.

The final result was a country-level privacy risk score. By comparing these scores across countries, we were able to reveal global privacy trends related to browser use.

Data was collected from:

References: