Your phone knows almost all there is to know about you. Where you work and live, where you travel, who you’re friends with, what you write in your emails and messages. The same is true for many of the apps you use, but some are nosier than others. The ones on this list are the worst apps for your privacy.
Facebook tracks you across all its apps and websites. It even tracks you when you log off Facebook. Its app requires almost every permission there is. It wants access to:
In essence, the app wants full control of your device and claims it’s necessary for the app’s functionality.
It knows when you log in and how long you spend on the platform. It tracks where you go, what you buy, what you browse.
Facebook collects all this information to serve you targeted ads. What’s more, the company has leaked its user data through numerous breaches. Facebook has proven time and again that your personal data isn’t safe in their hands.
Facebook Messenger is even worse – it does not use end-to-end encryption. The app probably stores your private messages in plain text on their servers. If that’s the case, they can be reached by any employee with login credentials.
Mark Zuckerberg has admitted that Messenger automatically scans all the links and images you send to your friends. When the algorithm finds them suspicious, moderators read your messages and block them if they do not meet company policy.
It is true that these measures stop fake news and unlawful content from spreading. However, you cannot trust Facebook to use your data only for good. Remember that Facebook:
Log out, delete Facebook and Messenger apps and switch to a more secure messaging app.
That’s easier said than done. With 2.13 billion users on Facebook and 1.3 billion on Messenger, you’ll find most of your family members, friends, and coworkers on these apps. Encrypted messengers like Signal are far less popular, and there is no alternative social network as popular as Facebook.
If you can’t shake the Facebook habit, simply delete the apps and use your mobile browser to scroll. It’s slightly less convenient, but this extra step gives you time to reflect: “Do I really want to check the news feed AGAIN?” It also makes sure the apps can’t snoop on your traffic and other apps.
Your messages will remain readable to Facebook, and your data will still be vulnerable to all security breaches to come, but Facebook will have a much harder time tracking you without their apps.
Your shiny new weather app wants to access your location. Sounds reasonable enough – it can’t tell the weather if it doesn’t know where you are.
But after you grant permission, the app tracks your location 24/7 and sells this data to advertisers. Such apps are numerous, and they all sound the same:
And it’s not only the weather apps you need to worry about. It can be any app that provides local news or tells about events in your city or informs you about new restaurants worth visiting. Any of those may be trying to get your data for location-based advertising.
Weather apps will sell data on where you work, how you commute, who’s your physician, and what gym you frequent. There is no guarantee that your location data will be handled properly. It could be leaked, or sold further down the line. Image if someone from your area obtained your location data, even without your name.
Not all weather (or local news) apps are bad for your privacy, but to find the trustworthy ones, you’ll have to read the fine print.
Apps that sell your location are not honest about it. They hide this fact in thousand-word policy texts written in legalese. If you can’t bear reading them (few can), research them. Check the reviews and their reputation on the web.
One potential solution is to select your location on the app without giving it permission to track your location. This feature might not be readily apparent since they want you to let them track you, but it is likely available.
You can also check tomorrow’s weather online.
Multiplayer games are all about interaction and player engagement. You solve puzzles, level up, and have fun with friends and family.
However, games like Words with Friends collect an obscene amount of personal data.
Zynga, which created Words with Friends, the megahit FarmVille, and many other successful games, tracks and logs all kinds of personal data:
All that because you wanted to play online scrabble.
Zynga is not unique in the mobile game market. A lot of developers track their player data and sell it to the highest bidder. If you’re lucky, the data is depersonalized, but it might not be.
If the app is free, the developer still needs to make money somehow. They do that by selling your data for targeted advertising.
Before downloading any app, check the permissions and see if you can run it without giving it any of the permissions it needs to track your data.
In 2014, it came to light that the NSA hacked the game Angry Birds and siphoned player data. The developer claims that the vulnerabilities in the app have been fixed.
In 2013, the Federal Trade Commission charged a popular flashlight app because it shared location data with third parties without user knowledge or consent.
What these cases show is that you cannot learn about the worst privacy apps from past incidents. When vulnerabilities become known, they are fixed. When scammy apps are found, they are blocked from Google Play and the App Store.
You need to worry about the vulnerabilities that haven’t yet been found. No one knows which app will be next to leak the data of millions.
As an example, take a look at the NordVPN app. On Android, it asks for 0 permissions. On iOS, it asks for 2 permissions for evident reasons:
Your phone probably has too many apps. Deleting the ones you don’t use will optimize your phone's performance and protect you from potential vulnerabilities. Updating the ones you use will help keep them secure.
Many apps can still function without getting all of the permissions they ask for. Experiment with your favorite apps and see if they still work the way you want them to with some or all of their permissions deactivated. If one of those invasive permissions was for a feature you don’t use, revoking it makes a lot of sense.
Poorly configured apps can have vulnerabilities that will leak your traffic and data to snoopers. With a VPN app, every connection your device makes online will be encrypted, which includes your apps. If you do use a vulnerable app, this can help protect you from certain types of attacks.
You can try NordVPN risk-free with your favorite apps thanks to our 30-day money-back guarantee.
To stay up-to-date on all things cybersecurity, sign up to our monthly blog newsletter below.