SHARED INTEL: A breakout of how Google, Facebook, Instagram enable third-party snooping

By Federico Morelli

More and more consumers are using apps every year. In fact, Google Play users downloaded 111.3 billion apps in 2021 alone, up more than 47 percent since 2018.

Related: Microsoft CEO calls for regulating facial recognition.

This increased demand for apps also raises the need for improved data protection measures, which Google took steps to address with the new data safety section they launched in July 2022.

This data safety section aims to help users understand how apps handle their data (especially when it comes to collection and sharing) and make more informed decisions about which apps to download.

To provide even further insight into the data safety and privacy practices of app developers, researchers at Incogni conducted a study of the top 500 paid and top 500 free Google Play Store apps. The results shed light on how much data apps really share, which apps pose the biggest risks to data privacy, and how transparent developers are about their practices.

Rampant ‘sharing’

The study revealed that more than half (55.2 percent) of the apps share user data with third parties.

•13.4 percent share approximate location history

•6.77 percent share email addresses

•4.77 percent share names

•3.85 percent share home addresses

•3.85 percent share precise location

•3.23 percent share photos

•1.85 percent share in-app messages

•1.69 percent share videos

•0.62 percent share sexual orientation

•1.54 percent share files and docs

•0.46 percent share SMS or MMS

•0.15 percent share race and ethnicity

•0.15 percent share religious and political beliefs


It turns out that free apps share the most user information, a staggering 7 times more data points than paid apps. Data is extremely valuable in the digital world, with some even calling it the “new oil.” In fact, the data trade industry is worth over $257 billion and growing yearly. It makes sense that free apps share the most data: users effectively pay with their personal information.

Following closely behind on the worst-offenders list are popular apps (with more than 500,000 downloads). These apps share 6.15 times more data than less popular apps. The reason behind this remains unclear and could be dependent on multiple variables. One possible explanation that Incogni researchers offered is that free apps have, on average, 400 times more downloads than paid apps.

Among the app categories, shopping, business, and food & drink were found to be sharing the most user data. So it’s best to think twice before downloading an app from one of these categories, especially if it’s free and/or popular.

Greediest data harvesters

Social media and business apps collect the most data. While sharing is usually what consumers find most alarming when it comes to how apps handle their data, collection can be just as important to online privacy and security.

According to Incogni’s study, social media and business apps collect the most data. Many of these apps know almost everything about their users – from who their best friends are to what secrets they share with them in private messages.

The apps that do the most snooping, unsurprisingly, are:


•Facebook Lite


•Messenger Lite


Yet, despite harvesting the most personal data, these apps declare sharing very few data points.

Aside from the obvious invasion of privacy concerns, having personal information stored by apps can pose other risks. Cash App, a popular mobile payment service, experienced a data breach in December 2021 that resulted in 8.2 million users’ personal information being leaked. Cash App isn’t the first and, unfortunately, isn’t likely to be the last app to experience such security issues.

Sharing vs. transferring

Even without breaches, more information on users may actually be proliferated online than what app developers declare sharing.

Google uses the term sharing only in relation to the transfer of user data to third parties. This does not include the transfer of anonymized data or the transfer of any data made to a service provider or for legal reasons.

This de facto means that your personal information may not be “shared,” according to the Google Play data safety section, but it may still be “transferred” without your knowledge.

While the transfer of data to service providers may be necessary, and for legal reasons,  justified, the transfer of anonymous data is still worrying. The term itself implies a level of privacy and security that may be misleading. In fact, research has shown that anonymous data can easily be re-identified 99.98 percent of the time using as few as 15 data points.

Bottom line

Google Play Store apps collect a lot of personal data. They share a lot of data. And they “transfer” a lot of data. Depending on their location, consumers are protected by data privacy laws like the GDPR or the CCPA but, ultimately, online privacy and security are still left mostly up to the individual.

This means that Google Play users should be very discerning when downloading apps. They should consider which types of apps they install, how much data these apps share, and how much data they collect (and “transfer”.)

About the essayist: Federico Morelli is a Content Manager at Incogni, a data removal company dedicated to helping consumers take back control of their personal information. Federico uses data analysis to tell stories about online privacy – which he believes to be a fundamental human right and a vastly underestimated issue of the digital world.
Headshot attached.

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someone