Brazil has asked Meta to rid its platforms of chatbots that mimic children and ‘are allowed to engage in sexually explicit dialogue’ – Copyright AFP/File Fabrice COFFRINI
A new study reveals that Instagram and Facebook are the apps that collect the most user data. This comes from the firm QR Code Generator, who analysed the privacy policies of over 5,000 apps from the Apple App Store. These apps were selected from a broader list of the top 100 apps in each category, with duplicates and those missing data removed.
To determine which apps are the most invasive, the firm created an index out of 100 based on 46 indicators including 35 types of data, six purposes for data collection, and five different types of user relationships. The level of privacy intrusion was measured by whether each data type is tracked and linked, tracked, linked, not linked or tracked, and not collected at all, with “tracked and linked” being the most intrusive.
Instagram and Facebook come in first place with an index score of 61.47 out of 100. Both apps are among the most widely used worldwide and collect 32 out of 35 data types, 25 of which are linked to the user, while seven are linked and tracked to the user. These apps also rank highly because of how invasive they are in collecting sensitive info like physical addresses, devices, and user IDs. This is in stark contrast with other popular entertainment apps such as YouTube and TikTok, which rank 27th and 76th.
Coming in third is Grab: Taxi Ride, Food Delivery, with a 55.57 out of 100 score. This app collects 27 data types, eight of which are linked to the user, and 15 are linked and tracked. As a ride-hailing and food delivery app, it collects sensitive information such as payment information and other financial data, as well as precise location and purchase history.
To gather the data:
- Detailed privacy policy data was scraped from all apps on each of the 164 ‘Top 100’ apps lists on the App Store website. After removing apps that appear multiple times, those missing privacy policy data, or those with a very low number of reviews, 5,021 apps remained.
- Up to 35 types of data may be collected from users by each app, with five levels of security implications and six different reasons for collection (see Table 1 below).
- The level of privacy-intrusion can be measured by whether each data type is: (from most to least intrusive) tracked & linked, tracked, linked, not linked or tracked, and not collected at all.
- An index was then compiled using the associated weightings for the 46 indicators listed below (see Table 2).
- The index compares the apps by the level of privacy intrusion by calculating a weighted score out of 100.
- A ranking was then calculated for each app both overall, and within its specific App Store category.
- Each app category was studied, the total number of apps within each category was studied, and the total number of reviews across these apps were found.
In fourth place, a three-way tie sees Threads, Meta Business Suite, and Messenger, each scoring 54.53 out of 100. These apps collect 32 data types, and while all are linked to the user, none are tracked.
Further down the list, Nordstrom Rack: Shop Deals ranks seventh with a score of 53.62, collecting 22 data types, four of which are linked to the user, and 18 are both linked and tracked.
In eighth place, Nordstrom follows closely with a score of 52.54. It collects 22 data types, five linked to the user and 17 linked and tracked.
Pinterest is in ninth place with an index score of 50.06. This app collects 29 data types, 22 of which are linked to the user and six of which are linked and tracked.
Rounding out the top ten is AE + Aerie, short for American Eagle Outfitters, the apparel brand, scoring 50.01 out of 100. This app collects 21 data types, three of which are linked to the user and 16 of which are linked and tracked.
Of all the apps and categories studied, Photo-Video Apps are the most invasive. Although only 23 were over the minimum review threshold and therefore eligible for the study, the category’s overall score is 38.54 out of 100.
These are followed by Social Networking Apps and Food and Drink Apps.
| Top 10 most invasive apps | |||||
| Rank | App Name | Total No. Data Types Collected | No. Data Types Linked to User | No. Data Types Linked & Tracked | Index Score (/100) |
| = 1 | 32 | 25 | 7 | 61.47 | |
| = 1 | 32 | 25 | 7 | 61.47 | |
| 3 | Grab: Taxi Ride, Food Delivery | 27 | 8 | 15 | 55.57 |
| = 4 | Threads | 32 | 32 | 0 | 54.53 |
| = 4 | Meta Business Suite | 32 | 32 | 0 | 54.53 |
| = 4 | Messenger | 32 | 32 | 0 | 54.53 |
| 7 | Nordstrom Rack: Shop Deals | 22 | 4 | 18 | 53.62 |
| 8 | Nordstrom | 22 | 5 | 17 | 52.54 |
| 9 | 29 | 22 | 6 | 50.06 | |
| 10 | AE + Aerie | 21 | 3 | 16 | 50.01 |
Marc Porcar, CEO of QR Code Generator PRO S.L, tells Digital Journal: “In today’s world, we are incredibly reliant on smartphones, but more specifically, apps – whether we use them for communication, shopping, or transport, they are used on a day-to-day basis.”
