GUEST ESSAY: A breakout on how Google, Facebook, and Instagram enable third-party snooping

More and more consumers are using apps every year. In fact, Google Play users downloaded 111.3 billion apps in 2021 alone, an increase of more than 47 percent since 2018.

Related: Microsoft boss calls for regulation of facial recognition.

This increased demand for apps also increases the need for improved data protection measures, which Google addresses with the new data security section introduced in July 2022.

This data security section aims to help users understand how apps handle their data (especially when it comes to collecting and sharing) and make more informed decisions about which apps to download.

To get an even deeper look into the data security and privacy practices of app developers, researchers at Incogni conducted a study of the top 500 paid and top 500 free Google Play Store apps. The results shed light on how much data apps really share, which apps pose the greatest privacy risks, and how transparent developers are about their practices.

Unbridled “sharing”

The study found that more than half (55.2 percent) of apps share user data with third parties.

• 13.4 percent share the approximate location history

•6.77 percent share email addresses

•4.77 percent stock names

• 3.85 percent share private addresses

• 3.85 percent share the exact location

•3.23 percent share photos

•1.85 percent share in-app messages

•1.69 percent share videos

• 0.62 percent share the sexual orientation

• 1.54 percent share files and documents

•0.46 percent share SMS or MMS

• 0.15 percent share race and ethnicity

• 0.15 percent share religious and political beliefs


It turns out that free apps share the most user information, a staggering 7x more data points than paid apps. Data is extremely valuable in the digital world, some are even calling it the “new oil”. In fact, the data trading industry is worth over $257 billion and growing annually. It makes sense that free apps share most of the data: users are effectively paying with their personal data.

Close behind on the list of worst offenders are popular apps (with more than 500,000 downloads). These apps share 6.15x more data than less popular apps. The reason for this remains unclear and could depend on several variables. One possible explanation Incogni researchers offered is that free apps have, on average, 400 times more downloads than paid apps.

Among the app categories, shopping, business and food & drink share the most user data. So it’s best to think twice before downloading an app from any of these categories, especially if it’s free and/or popular.

The most greedy data collectors

Social media and business apps collect the most data. While sharing is usually the most worrying part for consumers when it comes to how apps are handling their data, collecting data can be just as important for online privacy and security.

According to the Incogni study, social media and business apps collect the most data. Many of these apps know almost everything about their users – from who their best friends are to the secrets they share with them in private messages.

The apps that sniff the most are unsurprising:


•Facebook Lite

•Delivery boy

• Messenger Lite

• Instagram

Yet despite collecting the most personal data, these apps claim to share very few data points.

Aside from the obvious breach of privacy concerns, apps storing personal data can pose other risks. Cash App, a popular mobile payment service, experienced a data breach in December 2021 that resulted in the personal information of 8.2 million users being leaked. Cash App isn’t the first and unfortunately won’t be the last app to encounter such security issues.

Sharing vs Transferring

In fact, even without violations, more information about users may be leaked online than app developers say they share.

Google only uses the term sharing in connection with the transfer of user data to third parties. Excluded from this is the transfer of anonymous data or the transfer of data to a service provider or for legal reasons.

This de facto means that your personal data may not be “shared” in accordance with Google Play’s data security section, but may still be “transferred” without your knowledge.

While the transfer of data to service providers may be necessary and justified on legal grounds, the transfer of anonymous data remains a concern. The term itself implies a level of privacy and security that can be misleading. In fact, research has shown that anonymous data with just 15 data points can be easily re-identified 99.98 percent of the time.

bottom line

Apps from the Google Play Store collect a lot of personal data. You share a lot of data. And they “transmit” a lot of data. Depending on their location, consumers are protected by privacy laws like the GDPR or the CCPA, but ultimately online privacy and security are still largely left to the individual.

This means that Google Play users should be very discerning when downloading apps. You should consider what types of apps they install, how much data those apps share, and how much data they collect (and “transfer”).

About the essayist: Federico Morelli is a Content Manager at Incogni, a data removal company dedicated to helping consumers take back control of their personal information. Federico uses data analysis to tell stories about online privacy – which he believes is a fundamental human right and a greatly underestimated problem of the digital world.
Headshot attached.

*** This is a syndicated Security Bloggers Network blog from The Last Watchdog written by bacohido. Read the original post at: