Companies want your data and often make privacy agreements needlessly complex in order to strong-arm you into blindly giving it away. This “freeware” software model – wherein a company effectively offers the use of one of its apps for free in exchange for access to user data – has exploded in popularity in recent years. Companies may then use this data to inform targeted advertising campaigns, refine their own product, or sell user data to another company.
A study conducted by Oxford University in 2018 found that 90.4% of free apps transfer user data to at least one other company (though on average, a typical free app transfers data to at least five different companies). But some apps are more invasive than others. The study concludes that: “There are differences in the behavior and distribution of trackers depending on the functionality or purpose the app provides.”
As the small print gets smaller and user agreements grow increasingly more complex, business experts at OnDeck wanted to help mobile users better navigate the world of app privacy and data permissions.
What We Did
We reviewed the privacy details in the Apple App Store for over 200 business apps across 11 categories, from business intelligence & analytics to sales & customer care. According to Apple’s app privacy details on the App Store, apps may track up to 32 segments of data within 14 data types.
- A segment is a personal data point such as your name, a payment method, or your precise location. These segments are sorted into data types.
- Data types are groupings of segments such as ‘Contact Info’, ‘Location’, and ‘Search History’.
- Segments and data types are not to be confused with categories which are the groupings that the apps themselves are sorted into. These include categories such as ‘Marketing’, ‘Project Management & Productivity’ and ‘Finance & Accounting’.
For example, the ‘Contact Info’ data type contains five data segments including name, email, phone number, and so on.
We recorded how many of the possible 32 data segments each app collects from its users as filled in by the app developers when submitting their app to Apple App Store. Lastly, we calculated the total count of segments tracked by each app to create overall app category rankings highlighting the business apps that collect the most and least data. An app is considered more “invasive” or “data-hungry” the more data segments it collects from its users.
- With 32 data segments of personal data, Facebook Messenger came up top as the most invasive Communications app in our study.
- Requiring permissions for 26 data segments, PayPal is the most invasive Finance app.
- eBay is the most invasive eCommerce app, collecting 21 data segments from its users.
- When it comes to HR & Employee Management apps, the most data-hungry app was Glassdoor collecting 21 data segments.
- Google Drive collects 19 data segments, making it the most invasive app in the Content & Files category.
- On average, Marketing apps collect 5 out of the 32 segments of personal data, the most of any app type.
Choose Wisely: The Most and Least Data-Hungry Apps By Category
In the modern digital economy, where data is currency and user insights can provide a decisive edge over any potential competition, it is no surprise that many of the largest, most successful companies have the most invasive apps. In nearly every category they are in, Facebook and Google’s suite of business apps rank as the most invasive. Browse the graphic below to see the business apps that collect the most and least data by category.
Which Type of Business App Wants the Most Data?
Different business app functions tend to require different data permissions. The value of a marketing app, for example, often depends on the number of users in its network and the amount of data it can collect from them. On average, marketing apps collect 16.5 out of the 32 points of personal information in our analysis, the most of any business app category.
Meanwhile, apps that provide services like printing or IT management naturally need less user data and tend to have relatively few data permissions. Business intelligence apps require the least data of any category, requiring just 4.5 points of personal information on average. The graphic below shows the types of business apps that require the most and least data.
Business Intelligence: Zoho Analytics Collects the Most User Data
Business intelligence apps are a crucial asset for many organizations, allowing users to query large datasets and create reports, dashboards, and data visualizations with ease. While, on average, business intelligence apps do not require many data permissions, some of the most popular apps require a surprising amount of data permissions. The graphic below shows the BI apps that collect the most and least data.
Zoho Analytics and Domo require access to user photos and videos – something no other BI apps in our analysis require. Zoho Analytics is the most invasive, requiring 13 out of the 32 data segments. MicroStrategy and IBM Cognos are the least invasive, requiring no personal data.
Communication: Webex Remains A Viable, Non-Invasive Videoconferencing Alternative
The use of online communication tools skyrocketed during the COVID-19 pandemic. According to another recent Pew survey, 81% of U.S. adults have used video conferencing software since February 2020, and 40% have used digital technology or the internet in a new or different way.
While Zoom rose to the top of the teleconferencing market, with an average of 300 million daily meeting participants, users concerned about privacy may want to move to Cisco Webex, which has approximately 10 million daily meeting participants. While Zoom collects 15 of the 32 segments of personal data in our analysis, Webex collects none.
Content & Files: Google Drive Collects the Most Data
One of Google’s greatest assets is its user data. Google’s vast trove of personal information powers targeted advertising, personalized suggestions, improvements in usability, and its flagship search algorithm and gives the search engine an edge over any potential competitor.
Many of the company’s most popular apps and services are essentially offered to users for free in exchange for access to their data. The company’s office suite – Google Drive, Google Docs, Google Sheets, and Google Slides – tops the list of the most invasive content & files apps.
Devices & Printing: Adobe Scan Collects the Most User Data
According to reputation intelligence platform RepTrak, data privacy has become an increasingly important determinant of corporate reputation in recent years. In some cases, invasive business apps may even hurt a company’s trustworthiness in the public eye.
The Canon printing app, for example, requires just three segments of personal data, much fewer than the 10 required by the Adobe Scan app. While Canon ranks as the 11th most trustworthy company in RepTrak’s rankings, Adobe ranks as the 92nd most trustworthy.
Finance and Accounting: PayPal Takes the Lead as the Most Invasive App
While PayPal ranks as the 8th most trustworthy company, according to the most recent rankings from reputation intelligence platform RepTrak, the company’s app is one of the most invasive. PayPal collects 26 of the 32 personal data segments in our analysis, the most of any finance & accounting app in our analysis. Business owners concerned about privacy may search the graphic below to find a less invasive app for their payroll and invoicing needs.
HR & Employee Management: Glassdoor Is the Most Data-Hungry HR & Recruiting App
In recent years, the recruiting and job search industry has shifted increasingly online. According to a Pew survey, the percentage of Americans who research jobs online doubled from 2005 to 2015 and has continued to increase since then.
As the online recruiting industry continues to grow – Fortune Business Insights projects it will grow 41.8% from 2022 to 2027 – business owners should know which apps are the most invasive. Of the four major recruiting apps – Glassdoor, LinkedIn, ZipRecruiter, and Indeed – Indeed is the least invasive, requiring 15 of the 32 data segments in our analysis.
IT Management & Security: X-VPN Is the Most Invasive IT App
Any mobile user concerned with privacy should know which IT management & security apps require the most data permissions. The VPN service X-VPN is the most invasive, requiring 14 of the 32 personal data segments in our analysis.
According to online reviews, X-VPN also stores user logs – a negative for anyone seeking complete privacy on the internet. The graphic below shows the most and least invasive IT management & security apps.
Marketing: Facebook’s Suite of Apps Collect the Most Data, Hubspot the Least
As marketing tools, social media sites are only as valuable as the number of users they reach and the amount of user data they collect. As a result, the most valuable marketing tools are also the most invasive. Instagram and Facebook, for example, collect all 32 segments of personal data in our analysis.
Even Facebook apps designed for internal use, such as Meta Business Suite and Meta Ads Manager, collect all 32 segments of personal data. For those concerned about privacy, the graphic below shows alternative marketing apps that require relatively few data permissions.
Project Management: Amazon A to Z Collects the Most User Data
Invasive data policies can be a double-edged sword, impinging on user privacy while also allowing for greater functionality. Google Calendar, for example, is one of the most invasive product management & productivity apps, requiring 17 of the 32 points of personal information in our analysis.
While Google Calendar’s data collection policy is aggressive compared to other apps, it also allows the app to coordinate with other Google services, syncing calendar dates with apps like Gmail, Google Meet, and Google Docs. Those looking for an alternative, however, may want to browse the graphic below to see the product management & productivity apps that collect the most and least data.
Sales and Customer Care: Square Appointments Is the Most Invasive
Sales and customer care apps may collect sensitive information that could leave both a company and its customers vulnerable if ever exposed. Square Appointments is the most invasive, collecting 22 of the 32 segments of personal data in our analysis.
Square is the only sales and customer care app in our study that collects payment information, credit card details, and other financial data. For business owners looking for an alternative, there are plenty of sales and customer care apps that require little to no data permissions.
Website and e-Commerce: eBay Collects the Most Data
Website and e-commerce apps that offer targeted advertising services tend to be the most invasive. eBay, for example – which offers target advertising through its Advanced Audience Technology platform – collects 21 of the 32 segments of personal data in our analysis, the most of any website and e-commerce app.
eBay is the only app within this category that requires access to a user’s contact list and also requires relatively uncommon permissions such as browsing history, search history, and purchase history.
If You Can’t Figure out What the Product Is, It’s You
While two apps can require the same number of data permissions, they often vary in the type of data they may collect. While Twitter and TurboTax each require 19 of the 32 personal data segments in our analysis, for example, Twitter requires data on location and contact lists, while TurboTax does not. Conversely, TurboTax requires data on payment and other sensitive information, while those are not required by Twitter. Click through the table below to see the specific data permissions required by the most and least invasive business apps.
As the saying goes, if you can’t figure out what the product is, it’s you. Many business apps offer free services in exchange for access to personal information, allowing users to effectively pay for services with their personal data. As the number of major data breaches rises every year, knowing where and how your data is stored is more important than ever. Whether you are a business owner or a casual mobile user, knowing the most and least invasive business apps can help inform your approach to responsible data practices.
Privacy policies of business apps were checked for the types of data the apps collect from their users across “Data Used to Track You,” “Data Linked to You,” and “Data Not Linked to You” as filled in by the app developers when submitting their app to Apple App Store.
The types of data collected by each app were then cross-referenced with Apple’s App Privacy Details to determine how many of the possible 32 data segments (e.g., Name, Email Address, Phone Number, Physical Address, Other User Contact Info, Health, Fitness, Payment Info, Credit Info, Other Financial Info, Precise Location, Coarse Location, Sensitive Info, Contacts, Emails or Text Messages, Photos or Videos, Audio Data, Gameplay Content, Customer Support, Other User Content, Browsing History, Search History, User ID, Device ID, Purchase History, Product,, Interaction, Advertising Data, Other Usage Data, Crash Data, Performance Data, Other Diagnostic Data and Other Data Types.) each app collects from its users. Most and least invasive apps were determined based on the total count of segments tracked by each app. In cases where multiple apps were tied as least invasive, an app that was most similar to the most invasive app was listed as the least invasive (and best alternative).
The data was collected in April 2022.