The number of apps that we just can’t do without keeps increasing every day. But could your favorite messaging or music apps leak your private information, making you easier targets for hackers? Leaked data can include your browser history, financial information, and location.
Within the framework of cybersecurity awareness month, Nomad, a digital eSIM provider, conducted a study of the top 10 everyday apps in the UK that put your data at risk. Using privacy data from the Apple App Store, it analyzed popular apps like WhatsApp, Gmail, and Instagram.
Cache Merrill, the founder of Zibtek, told Techopedia:
“These applications are prone to endanger the users’ information by assuming a lot more than what is required to perform their intended functions. “For instance, the location history feature in the Google Maps application is used to collect location-related history, Instagram observes movements of users for improving its ads, and WhatsApp uses end to end encryption but still sends metadata to its owner, Meta. The problems arise from how the information is kept, how and to whom it gets transferred or sold, as well as to how it can be exploited or abused.”
So, what are the 10 everyday apps that could become your foes rather than friends? And how can you protect yourself if digital detox is not for you and you don’t intend to put off your phone for good?
Key Takeaways
- Several of your favorite apps could put your personal and sensitive data at risk.
- These include Facebook, Instagram, Google Maps, and Apple Music, amongst others.
- The data at risk include location, financial information, contact information, health and fitness data, purchases, and more.
- One of the signs of risky app behavior includes asking for permissions they don’t need to operate normally.
- Using virtual private networks (VPNs) and accessing websites through private browsers can help keep your data safe.
What Makes an App Risky
One key warning sign that an app is risky is if it asks for permissions it doesn’t need to function normally. These include things like access to local files, address books, or your location.
Poor authentication and data transmission times can also make an app riskier, as your data can become badly encrypted or unencrypted altogether.
Apps that store personal data locally and those downloaded from unofficial app stores can be more susceptible to breaches.
Some specific applications, usually games like Candy Crush Saga, can also be vulnerable as they gather a lot of user data.
Another thing that can make an app even riskier than usual is using a public wifi connection either in your home country or while traveling overseas. In these cases, it becomes easier for hackers to distribute malware and steal sensitive and personal data.
Alan Bavosa, Vice President of Security Products at Appdome, said:
“The mobile apps most likely to put users’ data at risk fall into two broad categories. First, there are the hundreds of thousands of mobile malware/Trojan variants, like BrasDex, Xenomorph, Teabot, Eventbot, just to name a few.
“These Trojans are designed to harvest sensitive information, take over accounts, and carry out other fraudulent activities, often disguised as fake apps or clones to trick users.
“Second, a significant number of legitimate mobile apps across all categories—banking, social media, healthcare, and more—are inadequately protected. This is often due to the myriad challenges developers face when trying to implement mobile app security using traditional, manual methods and the rapid evolution of attacks now powered by AI.”
Top 10 Everyday Apps That Put Your Data at Risk
So, which apps are the most dangerous for your data? You may be more than a little shocked at the answer.
Below are the 10 most common apps in the UK that have the highest possibility of leaking your data:
No. | App | No. Private Data Points Stored |
---|---|---|
1 | 17 | |
2 | 17 | |
3 | Spotify | 15 |
4 | YouTube | 14 |
5 | Facebook Messenger | 14 |
6 | Google Maps | 11 |
7 | Amazon | 11 |
8 | Apple Music | 10 |
9 | 10 | |
10 | Gmail | 10 |
According to Nomad, Facebook, Instagram and Spotify are the least private apps, with the top 2 both storing 17 private information points, including sensitive information, financial information and browsing history.
These two apps also track some activities linked to a person’s identity across apps and websites owned by other companies. “They really know a lot about our online habits,” the report states.
The following table shows which data may be collected by each of the apps and linked to user identity:
10. Gmail
Gmail is the most popular email provider worldwide, with over 1.8 billion active users across the globe. But is your data truly safe with them?
As it only makes use of regular Transport Layer Security (TLS), instead of automatically encrypting data, your data could be more vulnerable. The app is also likely to share personal data with third-party apps and other advertisers.
Gmail’s password recovery method is also not very strong and can fall prey to Structured Query Language (SQL) injection attacks.
A lack of regulations in Europe regarding email tracking exacerbates this.
9. WhatsApp
WhatsApp is one of the most popular and widely used messaging platforms in the world. It has more than 2.8 billion users globally, and this number is expected to cross 3.14 billion by next year.
The app has recently faced a slew of security concerns. This mainly stems from the amount of data it collects, such as connection and device information, usage information, cookies, contact information, profile pictures, and more.
WhatsApp is also prone to hacking, as well as hoaxes and fake news being circulated. Third-party integrations and plugins, along with phishing and malware attacks, can further compromise your data.
Furthermore, your media and messages’ backup may not be encrypted, leaving your data vulnerable.
8. Apple Music
As of June 2023, Apple Music had about 93 million subscribers worldwide, making it one of the biggest music streaming platforms in the world. However, this may be putting your data more at risk.
The app collects data about your searches and downloads, what you listen to, and what you add to your library. It also gathers data like messages, interaction with features, account and device details, your Apple Music profile, IP address, and more.
This data is then shared with developers, partners, publishers, Apple-affiliated companies, and service providers acting on Apple’s behalf. Apple also uses this data to personalize your experience, pay royalties, prevent fraud, and improve its services, among other things.
7. Amazon
Amazon is one of the largest online shopping websites in the world, with about 3.25 billion visitors, as of June 2024.
The app collects various consumer data, such as interactions with products, the website itself, and its other services, like product orders and searches. It also gathers delivery, contact, and payment details, along with demographic information. This data is then used to detect and prevent fraud, personalize ads, and provide better services, among other things.
Although the app maintains that it does not sell data to third parties, it has been involved in several data security and privacy concerns, such as the AMZReview scandal, General Data Protection Regulation (GDPR) breaches, and data tracking.
6. Google Maps
Google Maps is one of the most used navigation apps today. It is already pre-installed on most smartphones, and 67% of smartphone owners reveal that they use the app frequently.
However, Google Maps could still collect and share key data about you, such as location history and diagnostic information. This data is then used for advertising purposes, navigation, and real-time updates. It is also used to build trends, such as when some places are most busy.
Seth Geftic, Vice President of Product Marketing at Huntress, said:
“Apps like Google Maps likely present a lower risk, but you should still be careful. As your profile tracks your location history, if this data is stolen, it could give malicious actors information about your movements. This could make it easier for someone to find your home or workplace address.”
5. Facebook Messenger
Facebook Messenger has approximately 1 billion users in 2024, making it the third most popular mobile messenger app globally. About 40 million businesses also use the platform.
However, there are concerns that Facebook Messenger may let Facebook access users’ tablets and phones without consent, allowing it to make phone calls, take photos, and download private files.
Facebook Messenger is also prone to scams, including those asking for money, pretending to be friends or family, and wanting personal information. Given that the messaging platform still has many older and more vulnerable users, this can be especially alarming.
4. YouTube
As of April 2024, YouTube had nearly 2.5 billion monthly active users worldwide. However, the platform you use the most to watch videos could be watching you as well.
YouTube collects various data, such as watch and search history, comments, uploaded content, and location data. These are then used to personalize search results, rectify bugs, target advertising, and improve the app as a whole.
The app can be susceptible to malware, which can spy on you, gain access to your account, and leak your data. In several cases, your personal information, such as videos, contact information, or other identifiers, could be posted to YouTube without your knowledge or consent, which is especially concerning for minors.
3. Spotify
One of the most loved music streaming platforms, Spotify, could also be bad for your data, as it turns out. Spotify has about 626 million monthly active users, as well as 246 million subscribers.
It gathers research and survey data, as well as payment, voice, and purchase details. Your photos, contacts, and other media files are also likely to be vulnerable.
It also tracks your playlists, as well as when and how often you listen to each song. Your phone sensor data and location are also likely to be tracked.
This information is then shared with third-party companies, both to promote Spotify on their websites and for advertisements.
2. Instagram
Launched in 2010, Instagram quickly took the world by storm, with 18-34 year-olds flocking to the platform the most. As such, with the high number of younger and more vulnerable users, data safety and protection have become all the more vital on Instagram.
Despite this, Instagram also follows a model similar to Facebook and collects a huge amount of user data. This data is shared with other companies owned by Instagram’s parent company, Meta, as well as with outside companies for advertising purposes. It is also used for communication, market research, and to prevent misuse.
Content, such as videos, photos, liked posts, and comments, as well as purchases, contacts, facial recognition data, and text messages, are at risk of being leaked. Other data, such as location, interactions, device details, and demographics, may also be vulnerable on the app.
1. Facebook
Although Facebook has lost some market share in the last few years, with the rise of other social media platforms like X (formerly known as Twitter), Instagram, and TikTok, it is still one of the most popular social media platforms.
However, it is also one of the most dangerous apps when it comes to data security, according to Nomad’s report. This is mainly because of Facebook’s revenue model, which depends heavily upon sharing user data with a number of third-party apps for things like advertisement targeting.
Other features, such as ‘like’ options on third-party websites and their automatic facial recognition software, also pose a risk to user personal data.
According to Nomad, Facebook users could potentially risk having their purchase data, location, contacts, identifiers, diagnostics, financial information, and contact information leaked. Usage data, health and fitness data, browsing history, search history, sensitive information, and other information are also very likely to be compromised.
How Can You Protect Your Data if You Can’t Stop Using Those Apps?
In case you rely too much on the above apps and can’t reduce or stop using them, here are some ways you can try to protect your data:
- Try not to enter or access sensitive information while connected to these apps.
- Use a Virtual Private Network (VPN) to mask your IP address and encrypt your data.
- Access websites only through private browsers as much as possible, while also trying to use only HTTPS sites, which will be shown in the URL. This will help reduce any risks of digital fingerprinting.
- Use a strong password and a password management service.
- Use browser privacy settings to delete history, cookies, and temporary files whenever you close a browser.
- Install updates to take advantage of the latest cybersecurity features.
- Back up your data to cloud storage or external hard drives to add an extra layer of protection.
Kee Jefferys, co-founder at Session, told Techopedia:
“To protect yourself and your data when using these apps, the first step is to review and adjust your privacy settings. However, keep in mind that there is little you can do to prevent the app’s company from collecting data about you. If you’re concerned about data collection, consider switching to alternative services that prioritize privacy.
“When installing these apps, be cautious about the permissions they request. As a general rule, deny permissions for functions you don’t intend to use. For example, if you’re installing Instagram but don’t plan to post images directly from the app, deny permission for access to your camera and microphone. Being selective with permissions can help reduce the amount of data these apps collect about you.”
Dr. Brian Callahan, the Director of the Rensselaer Cybersecurity Collaboratory at Rensselaer Polytechnic Institute, said:
“The best way to protect your data is to not give it out in the first place. Data that apps do not have on you is data that cannot be stolen.
“People should also be wary of oversharing on social media sites: it is often the case that information about a person is learned not from data theft but from the data people are willingly sharing to the entire world.
“Location, friends and associates, occupation, and much more is often divulged by people every day in public on social media; you can construct a frightfully accurate dossier on a person from the data they share. Companies build such dossiers on people every day. I would recommend people be more wary about what they share above worrying about data being stolen.”
The Bottom Line
Several apps we use every day, such as Facebook, Instagram, YouTube, WhatsApp, and Google Maps, collect and could potentially leak personal data.
Although the best way to protect your data from these apps is to restrict their usage or at least stop oversharing, if this is not possible, there are some other ways you can try to keep your data safe.
These include using VPNs, having a strong password, using browser privacy settings, not accessing any sensitive information while using the above apps, and installing updates regularly.
FAQs
Which apps share your data the most?
What apps steal your information?
What apps use your personal information?
References
- Travel like a Local | Nomad – Best eSIM for Travelers (Getnomad)
- Gmail Statistics For 2024 (Users, Market, Revenue & More) (Demandsage)
- WhatsApp global unique users 2024 | Statista (Statista)
- Apple Music subscribers 2015-2023 | Statista (Statista)
- Amazon Key Statistics 2024: Know Amazon Better To Grow Sales (Ecomclips)
- Amazon Data Breaches: Full Timeline Through 2023 (Firewalltimes)
- 29 Google Maps Statistics: Verified and Updated For 2024 – On The Map Marketing (Onthemap)
- Managed Cybersecurity Platform for SMBs and IT Providers | Huntress (Huntress)
- Most popular messaging apps 2024 | Statista (Statista)
- Global YouTube user age & gender distribution 2024 | Statista (Statista)
- Spotify — About Spotify (Newsroom.spotify)
- Instagram Statistics Marketers Should Know in 2024 [Updated] | Sprout Social (Sproutsocial)