Uncovering the biggest data collectors: which companies are at the top?

• Companies, including Facebook and Instagram, heavily use and track user data.
• Surfshark uncovers extensive data tracking by shopping and food delivery apps, with Wish and DoorDash as notable examples.
• Surfshark’s analysis shows major apps like Facebook and Wish extensively link and track user data, raising privacy alarms.

Data has become the new currency – but we know this already, and major companies worldwide are capitalizing on this trend. From social media giants to e-commerce platforms, businesses are collecting, analyzing, and using customer data in ways that are often invisible to the average user. This data collection serves various purposes, from improving user experience and personalizing services to more contentious practices like targeted advertising and selling information to third parties. While data-driven strategies can enhance business operations and customer satisfaction, they also raise significant privacy concerns.

Surfshark’s eye-opening data privacy study

This issue was brought to light in a recent study conducted by Surfshark’s Research Hub, which investigated the data privacy practices of 100 popular apps. The study reveals a worrying pattern in handling customer data, especially in shopping and food delivery services. Notably, apps such as Amazon Shopping and Wish are identified as major culprits in extensive user data collection. The findings indicate that over one-third of the data collected by shopping and food delivery apps is tracked and potentially shared with third-party advertising networks or data brokers. This kind of data handling poses a substantial threat to user privacy.

Surfshark’s research is further enhanced by a free app privacy checker tool. This tool lets users take control of their digital footprint by allowing them to select specific apps on their phones and receive detailed reports on the extent of data collection. Such tools are essential in an era where data privacy concerns are increasingly coming to the forefront of public consciousness, urging consumers and companies to rethink the balance between data utility and privacy.

Agneska Sablovskaja, lead researcher at Surfshark, noted that on analyzing 100 popular apps on the App Store, the company found a worrying trend where nearly 20% of collected data was used for tracking.

“Such tracked data can be shared with third-party advertisers or data brokers, who use it to deliver personalized ads targeting the users, or help companies with their market research,” said Sablovskaja. “Understanding an app’s privacy policy is crucial for safeguarding digital autonomy.”

The study by Surfshark reveals a significant trend in data collection among shopping and food delivery apps. These apps gather 21 out of 32 possible data points, higher than the average of 15 across all 100 apps examined. Notably, these apps are more likely to link collected data to the user’s identity, with 95% of the data points associated directly with users. Furthermore, a considerable portion of this data, approximately one-third, is used for tracking purposes.

Wish is the most data-intensive app in the shopping and food delivery category. It collects an impressive 24 of the 32 data points, linking almost all of them to the user’s identity. Over a third of this data is used to track users, a figure significantly higher than the average. This includes email addresses, precise locations, and purchase histories. Similarly, DoorDash is notable for using around 40% of its collected data points for tracking purposes.

In contrast, Amazon is unique among the analyzed shopping and food delivery apps because it does not use the data it collects to track users. But it still gathers a substantial amount of user data, collecting 25 of the 32 possible data points, all linked to the user’s identity.

Focusing specifically on food delivery apps, Uber Eats is prominent for tracking the most data points (12 out of 21 collected), including sensitive information like phone numbers, physical addresses, and search histories. GrubHub and Instacart also track many data points, with 11 and 10, respectively.

The ten shopping and food delivery apps analyzed in the study include Amazon Shopping, eBay Marketplace, AliExpress, Etsy, Wish, DoorDash, Uber Eats, Grubhub, Deliveroo, and Instacart. These findings highlight this sector’s extensive data collection practices, emphasizing the need for increased awareness and possibly regulation regarding user data privacy.

The top 10 least privacy-sensitive apps

Surfshark’s recent investigation revealed several apps with notably poor privacy practices. To evaluate these apps, the company developed a unique system to assess each app’s data collection and usage level.

The evaluation system ranked apps based on the collected data points, with the maximum possible score of 32. In cases where apps collected equal data points, they were further ranked based on how much they used this data to track users.

Facebook and Instagram emerged as the most privacy-invasive apps in this study. Both apps, being Meta Platforms, Inc. products, collected all 32 data points defined by Apple, a distinction they alone held. Furthermore, all collected data is linked to the user, with 7 out of these 32 data points being employed for user tracking. This includes sensitive information like names, email addresses, phone numbers, and physical addresses.

Additionally, three other apps – Wish, DoorDash, and TikTok – were noted for using data points linked to users for tracking purposes. Each app collects 24 data points, significantly higher than the average of 15 found across all apps analyzed in the study.

For Wish and DoorDash, around 40% of the collected data points, including email address, precise location, and purchase history, are used for tracking. Similarly, TikTok uses three of its collected data points – the user’s email address, phone number, and device ID – for tracking purposes. This data collection and tracking level raises serious privacy concerns, highlighting the need for greater transparency and user control in data handling by these apps.

How companies handle the collected data

Surfshark’s analysis encompassed 100 apps, spanning ten different categories. These apps were selected based on their prominence in search engine results for queries like “the most popular [app category] apps.” The App Store identifies 32 unique data points under 12 distinct categories. Surfshark’s study focused on three main aspects of data collection: the types of unique data points gathered, the amount of data linked to users, and the data utilized for tracking purposes.

The study explores the extent to which collected data is associated with individual users and how it’s used for tracking across various services. Apple outlines three potential treatments for collected data:

• Use for tracking: this involves associating data from the app related to a specific user or device (like user IDs or device IDs) with data from external sources, such as third-party advertising networks. The primary use of tracking is in targeted advertising and measuring the effectiveness of these ads.
• Linking to users: in this context, linking refers to associating collected data with the user’s identity. Apple notes that data from an app is usually linked to the user’s identity, unless specific measures are taken beforehand to anonymize or de-identify it. This notion aligns with the typical definition of “personal information” or “personal data” in relevant privacy legislation, which inherently links to the user’s identity.
• Non-linked data: this data is not associated with the user’s identity.

Tracking often includes sharing data with data brokers—entities that compile detailed user profiles based on demographics, behavioral patterns, and interests, and then sell this information to various organizations—the applications of this data range from advertising and market research to financial risk assessment and beyond.

Surfshark’s study on data privacy practices in popular apps has revealed significant concerns regarding user data collection and tracking. Apps like Wish and DoorDash, along with social media giants such as Facebook and Instagram, exemplify this invasive practice by collecting extensive data points, a large portion of which is used for tracking users. This situation underscores the urgent need for heightened awareness and stricter regulations around data privacy to protect users from potential misuse of their personal information.

---

---

---