Your IP: Unknown · Your Status: Unprotected Protected

Blog In Depth

The 5 worst apps for your privacy

May 10, 2019 · 6 min read

The 5 worst apps for your privacy

Your phone knows almost all there is to know about you. Where you work and live, where you travel, who you’re friends with, what you write in your emails and messages. The same is true for many of the apps you use, but some are nosier than others. The ones on this list are the worst apps for your privacy.

1. Facebook

Is Facebook good for your privacy?

Facebook tracks you across all its apps and websites. It even tracks you when you log off Facebook. Its app requires almost every permission there is. It wants access to:

  • Your contacts, call logs, and text messages
  • Your camera and microphone
  • Your internal storage
  • Your Wi-Fi
  • Your location

In essence, the app wants full control of your device and claims it’s necessary for the app’s functionality.

It knows when you log in and how long you spend on the platform. It tracks where you go, what you buy, what you browse.

Facebook collects all this information to serve you targeted ads. What’s more, the company has leaked its user data through numerous breaches. Facebook has proven time and again that your personal data isn’t safe in their hands.

2. Messenger

Is Messenger good for your privacy?

Facebook Messenger is even worse – it does not use end-to-end encryption. The app probably stores your private messages in plain text on their servers. If that’s the case, they can be reached by any employee with login credentials.

Mark Zuckerberg has admitted that Messenger automatically scans all the links and images you send to your friends. When the algorithm finds them suspicious, moderators read your messages and block them if they do not meet company policy.

It is true that these measures stop fake news and unlawful content from spreading. However, you cannot trust Facebook to use your data only for good. Remember that Facebook:

  • Has always valued growth over user privacy
  • Has been breached numerous times
  • Stored logins in plain text
  • Logged text messages and phone calls without informing users about this practice
  • Asked users for email passwords to spam their contacts

How to quit Facebook

Log out, delete Facebook and Messenger apps and switch to a more secure messaging app.

That’s easier said than done. With 2.13 billion users on Facebook and 1.3 billion on Messenger, you’ll find most of your family members, friends, and coworkers on these apps. Encrypted messengers like Signal are far less popular, and there is no alternative social network as popular as Facebook.

If you can’t shake the Facebook habit, simply delete the apps and use your mobile browser to scroll. It’s slightly less convenient, but this extra step gives you time to reflect: “Do I really want to check the news feed AGAIN?” It also makes sure the apps can’t snoop on your traffic and other apps.

Your messages will remain readable to Facebook, and your data will still be vulnerable to all security breaches to come, but Facebook will have a much harder time tracking you without their apps.

3. Weather apps

Are weather apps good for your privacy?

Your shiny new weather app wants to access your location. Sounds reasonable enough – it can’t tell the weather if it doesn’t know where you are.

But after you grant permission, the app tracks your location 24/7 and sells this data to advertisers. Such apps are numerous, and they all sound the same:

  • AccuWeather
  • WeatherBug
  • The Weather Channel App

And it’s not only the weather apps you need to worry about. It can be any app that provides local news or tells about events in your city or informs you about new restaurants worth visiting. Any of those may be trying to get your data for location-based advertising.

Weather apps will sell data on where you work, how you commute, who’s your physician, and what gym you frequent. There is no guarantee that your location data will be handled properly. It could be leaked, or sold further down the line. Image if someone from your area obtained your location data, even without your name.

How to check the weather without giving away your home address

Not all weather (or local news) apps are bad for your privacy, but to find the trustworthy ones, you’ll have to read the fine print.

Apps that sell your location are not honest about it. They hide this fact in thousand-word policy texts written in legalese. If you can’t bear reading them (few can), research them. Check the reviews and their reputation on the web.

One potential solution is to select your location on the app without giving it permission to track your location. This feature might not be readily apparent since they want you to let them track you, but it is likely available.

You can also check tomorrow’s weather online.

4. Words with Friends and other mobile multiplayer games

Are mobile games good for your pirvacy?

Multiplayer games are all about interaction and player engagement. You solve puzzles, level up, and have fun with friends and family.

However, games like Words with Friends collect an obscene amount of personal data.

Zynga, which created Words with Friends, the megahit FarmVille, and many other successful games, tracks and logs all kinds of personal data:

  • first and last name
  • username
  • gender
  • age and birthday
  • email
  • contacts from the address book
  • in-game purchases
  • everything players post in the message boards
  • the contents of chats and messages between players
  • Facebook ID
  • approximate physical location
  • basically, any publicly available info they can find

They also use cookies, beacons, pixel tags, clear gifs, and device identifiers to track:

  • IP addresses
  • what computer or mobile device and OS players use to play their games
  • MAC addresses
  • browser type and language

All that because you wanted to play online scrabble.

Zynga is not unique in the mobile game market. A lot of developers track their player data and sell it to the highest bidder. If you’re lucky, the data is depersonalized, but it might not be.

How to make sure my game is not spying on me

If the app is free, the developer still needs to make money somehow. They do that by selling your data for targeted advertising.

Before downloading any app, check the permissions and see if you can run it without giving it any of the permissions it needs to track your data.

5. The next app you download

Research the privacy of any app you download

In 2014, it came to light that the NSA hacked the game Angry Birds and siphoned player data. The developer claims that the vulnerabilities in the app have been fixed.

In 2013, the Federal Trade Commission charged a popular flashlight app because it shared location data with third parties without user knowledge or consent.

What these cases show is that you cannot learn about the worst privacy apps from past incidents. When vulnerabilities become known, they are fixed. When scammy apps are found, they are blocked from Google Play and the App Store.

You need to worry about the vulnerabilities that haven’t yet been found. No one knows which app will be next to leak the data of millions.

How to stay safe: 5 suggestions

  1. Before you install any app, check the rating, read the reviews, and research it. Your phone is your temple – know what you’re placing inside it.
  2. Be wary if an app asks for permissions it shouldn’t need to function. No flashlight app needs to know your location.
  3. As an example, take a look at the NordVPN app. On Android, it asks for 0 permissions. On iOS, it asks for 2 permissions for evident reasons:

    • for push notifications
    • to add VPN configurations
  4. Update the apps you use and delete the ones you don’t.
  5. Your phone probably has too many apps. Deleting the ones you don’t use will optimize your phone's performance and protect you from potential vulnerabilities. Updating the ones you use will help keep them secure.

  6. Review your app permissions.
  7. Many apps can still function without getting all of the permissions they ask for. Experiment with your favorite apps and see if they still work the way you want them to with some or all of their permissions deactivated. If one of those invasive permissions was for a feature you don’t use, revoking it makes a lot of sense.

  8. Use a VPN.
  9. Poorly configured apps can have vulnerabilities that will leak your traffic and data to snoopers. With a VPN app, every connection your device makes online will be encrypted, which includes your apps. If you do use a vulnerable app, this can help protect you from certain types of attacks.

    You can try NordVPN risk-free with your favorite apps thanks to our 30-day money-back guarantee.

To stay up-to-date on all things cybersecurity, sign up to our monthly blog newsletter below.


Stephen Levine
Stephen Levine successVerified author

When Stephen's not busy being a news junkie or playing with the latest gadgets, he loves to blog about tech and cybersecurity issues. He hates the idea of anyone collecting excessive data about him or his two cats.


Subscribe to NordVPN blog