Skip to Navigation Skip to Content

How do your favourite mobile apps rate on privacy? 

Over the course of the pandemic, daily screen time has risen from 10 – 30%. As we’ve become more dependent on the internet to work, shop, and socialise online, we’re also more vulnerable to privacy breaches and digital surveillance.

In this article, we’ve rounded up ten of the most popular apps in 2021 to see how each rate on their privacy practices and data security.

1. TikTok
Privacy Rating: ⭐⭐⭐
Reason: Shady third-party data sharing practices. 

Known for its short-form videos that span everything from viral dances, comedy skits, DIY hacks, and product reviews, TikTok first exploded into the mainstream in the early days of the pandemic.

The app is also notorious for the former Trump administration’s efforts to ban it in the US, due to national security concerns around the fact that the Chinese government could legally demand TikTok to turn over all the data it collects on its users.

According to The Common Sense Privacy Program, a nonprofit organisation that conducts independent privacy policy evaluations, TikTok has a lukewarm privacy rating given their broad and vague policy around the sale of user data.

While their policy discloses that user information can be transferred to a third party, it’s unclear whether users are notified of a transfer; whether the data is anonymised beforehand; or if third parties are contractually required to use the same privacy practices as TikTok.

 2. Gaggle
Privacy Rating: ⭐⭐⭐
Reason: Intrusive and potentially harmful use of data surveillance and analysis tools. 

Since schools have adopted a host of remote learning tools and platforms, there have been a wave of privacy concerns and controversies about how far these technologies intrude into the personal lives of staff and students.

One such platform is Gaggle – a digital surveillance company that many schools have implemented to monitor student activity. 

Designed to “ensure the safety and wellbeing of students”, the platform positions itself as a mental health and suicide prevention tool through its “real-time content analysis” features that scan student content to identify any concerning content or behaviour.

While its privacy policy may tick most regulatory boxes, the collection of such sensitive personal information like photos, videos, the content of a student’s journals, and their interactions with peers seems excessive – and could do more harm than good.

In September this year, for example, one student was flagged by the system for using the word “suicide” in his school assignment, in which he was actually reporting how his mental health had improved.

In addition to causing the student’s teachers and parents undue worry, the system fails to consider the context of other flagged keywords and content or provide any meaningful analysis of such data.

Ultimately, Gaggle could be causing more issues than it claims to solve – some have even likened the software to a policing tool.

3. Instagram
Privacy Rating: ⭐⭐⭐
Reason: A rising tide of fake impersonation accounts are threatening the privacy and safety of women online

Thanks to poor data security standards and unclear data sharing practices, every millennial’s favourite photo-sharing app comes in at a 57% privacy rating in 2021.

However, the more sinister concern around Instagram today are the proliferation of fake porn accounts that build profiles off of photos stolen from real, female users.

As one victim of this common scam wrote, such accounts are targeted to male users to click on links that ultimately spread a virus or attempt to scam them.

While this disturbing trend seems to be only getting worse, Instagram is starting to implement identity verification processes for new users who sign up to the app.

4. Clubhouse
Privacy Rating: ⭐⭐⭐
Reason: Unlawful use of personal data

If you’re not already familiar with this invite-only app, Clubhouse is a social network app where users join exclusive, audio-only chat rooms.

Similar to a podcast, people join chat rooms to listen in and contribute to conversions hosted by popular content creators and other influential personalities.

Unfortunately for this rising star, Clubhouse has suffered multiple data breaches barely a year after launching, and its user acquisition tactics and data collection practices have also drawn scrutiny from privacy advocates.

For example, Clubhouse grows its user base by searching through a newly-joined user’s uploaded contacts to build profiles of other people who aren’t members yet, and inviting them to join – violating the GDPR’s regulations around using and sharing data with third parties.

5. Facebook (Marketplace)
Privacy Rating: ⭐⭐
Reason: Marketplace is rife with scams and moderators were given unrestricted access to users’ Messenger inboxes 

Buying and selling items online has never been easier with Facebook Marketplace, but it’s also become a hunting ground for scammers and, in some cases, predators who rob or even attack unsuspecting victims in person.

While Facebook has implemented AI technology to filter out scams to no avail, they’ve also deployed human moderators to handle complaints on the platform.

Disturbingly, these moderators were given unrestricted access to people’s private messages on Facebook to perform these tasks. Unsurprisingly, some workers were found to have abused this privilege to spy on former romantic partners.

While Facebook has rolled back some of these permissions, the lack of privacy training and consideration for how moderators could abuse their power reflects poorly on the already troubled tech giant. 

6. Zoom
Privacy Rating: ⭐⭐⭐
Reason: Collects and shares sensitive personal data with third parties 

After an infamous spate of Zoombombings in 2020, Zoom has had to step up its privacy and security policies fast.

The video conferencing app has since introduced a range of new security features, such as its locked Waiting Rooms and end-to-end encryption for meetings.

While these are all welcome changes, Zoom’s privacy policy still states that sensitive personal information such as your faces, voice, and meeting’s content are analysed and shared with third parties for marketing purposes.

If the thought of your virtual check-ins and personal calls being picked apart by Zoom’s team makes you uncomfortable, then perhaps it’s time to look for a different video chatting app.

7. Spotify
Privacy Rating:⭐⭐
Reason: Your behavioural data is Spotify’s biggest money-maker

Spotify seems pretty harmless, right? In actual fact, this popular music streaming app earns a 56% privacy rating on Common Sense for its policy around the collection, distribution, and sale of personal data.

Through the data it collects, such as recordings of voice-activated commands, what songs you listen to, for how long, and where you listen to them, Spotify can generate a pretty intimate picture about you and your personal life.

8. WhatsApp
Privacy Rating:⭐⭐
Reason: WhatsApp now answers to Big Tech and oppressive government policies 

While all WhatsApp chats are protected with end-to-end encryption, this doesn’t make the world’s most popular messaging app impenetrable to hackers and other invasions of privacy.

For example, WhatsApp and the Indian government have been locked in an ongoing battle against a new law that forces companies like WhatsApp to reveal who the “first originator of information” is for messages – a clear threat against journalists and other political activists.

In another blow to user privacy, WhatsApp changed its Terms of Service to effectively force users to share their data with Facebook (who owns WhatsApp). You only need to look at Facebook’s track record to be turned off by this new condition.

9. Depop
Privacy Rating: ⭐⭐⭐
Reason: The hot new shopping app for Gen Z isn’t so safe for impressionable young users

Depop is a peer-to-peer shopping app where users buy and advertise secondhand, vintage, streetwear, and other trendy or hard-to-find pieces. 

With a similar format and user experience to Instagram, Depop is the perfect platform for tech-minded and fashion-savvy teens, however, it’s also become another avenue for sexual predators to target and harass users through its direct messaging feature.

One investigation found that young people were often tricked into sharing their personal information or taking photos of themselves modelling their clothes in suggestive poses or angles.

As most parents would understand, younger teens are much more susceptible to grooming and trusting strangers, and Depop presents itself as yet another channel that predators have direct access to their children.

While Depop does have a policy around modelling revealing clothes and directs users to “only use Depop’s messaging system to talk to buyers and sellers”, it’s unclear how this is enforced or how users are meant to differentiate between legitimate “buyers and sellers” and fake accounts.

10. Flo Health
Privacy Rating: ⭐⭐⭐
Reason: Flo unlawfully shared user data with third parties

Flo is a period tracking app that helps its 200 million users track of their cycle, plan for pregnancy, and maintain their day-to-day physical and mental wellbeing.

It came as a huge shock to users, then, when it was uncovered that Flo had been sharing their sensitive health data with third-party analytics and marketing partners – without their knowledge or consent.

While the company has since updated their privacy policy to disclose which third parties they are partnered with and what data is shared with them, they’ve lost a lot of loyal users in the process who once thought of the app as a “safe space”.

What can mobile app developers learn from each of these companies, then? With every scandal, breach, and privacy threat covered here, it goes to show how important (and smarter) it is to take a privacy-by-design approach.

Having a documented privacy policy and ensuring you comply with all applicable privacy regulations at the outset won’t just keep you out of legal trouble, it’ll also help you design a safer, more secure app for your users.

Generate a mobile app privacy policy

Building a new app but don’t have the legal smarts to write your own policy? Get started now with our app privacy policy generator.