Apps That Track You: 17 Of The Worst Offenders In Privacy Invasion

Online privacy is a problem as old as the internet itself, and it's a well-known trade-off to using tech that makes life easier. Companies collect tons of data through various apps and services, and use that data either as a product to sell to third parties or for targeted advertising. There are things you can do to reduce the risk, but even with the best practices, you can't stop all of it. With that said, some apps are worse about it than others, and knowing which apps are gathering the most data is the first step in protecting your privacy.

To their credit, platform owners, specifically Apple and Google, have put in various measures to help educate people on the matter. For example, the Apple App Store has a "Data Linked to You" section on every app that shows what information may be collected. These help you understand more about what information an app may collect but don't prevent it from doing so.

So, if you're curious about which apps collect the most data, the list below is a good sample of the biggest offenders when it comes to personal privacy.

The Meta family of apps is commonly cited as among the worst offenders when it comes to user privacy. These include Facebook, Instagram, Threads, Facebook Messenger, and, to a lesser extent, WhatsApp. We could probably write an entire article about the sins committed by Meta that go against user privacy, but for today, we'll settle with some highlights.

Facebook collects over 156 data points about its users, including age, location, name, payment information, likes, interests, and heaps of other things. The other apps aren't much better and collect much of the same stuff. They have also all been the subject of intense scrutiny online, with Consumer Reports finding that 2,230 companies have access to user data on Facebook. Every app listed above has had multiple controversies when it comes to user data, whether it's concerns about Threads' intense data collection or WhatsApp sharing user data with Meta's other products.

Perhaps the most egregious was the Meta Pixel: A small, unseen image posted on many of the most popular websites that reported back what you did on those webpages to Meta. That's not part of the brand's apps, but it is a good example of how much data the company collects.

TikTok has been among the most scrutinized apps of the last decade for a variety of reasons. The jury is still out on whether TikTok represents a national security risk for the U.S., but the app was ultimately sold to an American company by its Chinese owners, ByteDance. Once the American TikTok USDS Joint Venture LLC was born, the debate was largely over, but the app is still one of the most intrusive on the market.

TikTok has been accused of aggressively gathering user data for years, a reputation that the company hasn't shaken, or even attempted to get out from under. It does so by asking for way more permissions than it really needs, and has been accused on multiple occasions, most recently in 2026, of tracking user behavior when they're not using the app. TikTok uses this data for advertising purposes and to shape its legendary algorithm that keeps people doom-scrolling social media for hours on end, an activity known as brain rotting.

Even in U.S. hands, the app doesn't appear to be stopping, as TikTok's latest terms of service is sparking backlash for being "invasive and predatory."

Pinterest has largely flown under the radar when it comes to privacy concerns, but make no mistake that the company is among the top dogs when it comes to data collection. It could be argued that the reason it doesn't get much controversy is that it's honest about what it does with your data. It openly states in its privacy policy that collected user data is sold to third parties, used for targeted advertisements, and assists in Pinterest's feed algorithms. The privacy policy also details how off-site behavior is tracked, largely for the purposes of improving user feeds. So yes, Pinterest also sees what you do when you're not on Pinterest.

That doesn't mean that all of that is okay, as the amount of data that Pinterest collects is rather massive. However, the transparency does help keep Pinterest from surprising anyone with its data collection and use. Pinterest still has its fair share of controversies, like its over-reliance on AI slop and a couple of discrimination lawsuits that have since been settled. It's also been accused of data privacy violations in the EU, which has stricter rules than the U.S. when it comes to data collection and use.

It shouldn't surprise anyone that Amazon collects a ridiculous amount of user data. The retail app keeps track of your shopping habits, credit card information, address, name, and, if you ever signed up for an Amazon credit card, all the data that comes with that. The company also runs Alexa, which is present in the Amazon Shopping app and the company's Echo devices. Alexa also collects quite a lot of data, including sending your recorded conversations to Amazon servers, as of March 2025. According to Amazon's privacy policy, it uses the data to do quite a lot of things, including identity verification for businesses, product recommendations for you to buy, training Alexa, advertising, and a lot more.

This isn't necessarily unexpected, but Amazon has a poor history of keeping user data safe, which got bad enough that the FTC wrote an article telling Amazon to knock it off. The company has been largely able to avoid fines for these sins so far, but court proceedings can take years, and Amazon isn't quite off the hook yet. Even if Amazon is found guilty and pays the fines, it might still track, record, and process everything you do with an Amazon or Ring product.

Lyft and Uber are both often found on the list of apps where privacy appears to be largely optional, and since they tend to fail in the same ways, we decided to put them together on this list. Noticeably, these apps are used both by gig workers and users, but while the apps are separate, the problems are the same. Uber and Lyft collect tons of personal data, including payment information, location, name, behavioral habits, and a lot more. Comically, Uber's privacy policy states that it "may" de-identify data before selling it to third parties, but that it isn't guaranteed, in case you were wondering how these companies handle the data they collect.

In any case, Uber and Lyft have tons of controversies under their belts. Drivers have long complained about the algorithm that dictates everything from what fares they get and how much they get paid for them, with allegations about wage discrimination spanning years, at this point. Uber has been caught buying data from other services like Unroll.me, and the Social Security numbers of drivers have been leaked by mistake by both companies. Lyft tends to do worse on app privacy studies, but Uber definitely has more headlines, so they're about even.

DoorDash is another example of an app that takes from both sides of the aisle. On the one hand, customers have their order histories, payment methods, search behaviors, location, age, and all sorts of other stuff collected as part of the process of ordering food and having it delivered. On the other side of the fence, drivers have additional financial and personal information collected, since they have to get paid, and getting paid means filling out the paperwork for a 1099 tax form. As such, DoorDash is often listed as highly invasive for the information it collects.

Unfortunately, DoorDash doesn't have the best track record with keeping that data private. It had data breaches in 2019, 2022, and 2025. These breaches leaked everything from personal addresses to driver's license numbers, names, banking information, and more. Customers were prompted to change passwords and other information after each breach, which makes being a DoorDash user more work than many other services. In addition, while the app doesn't typically use a ton of data, multiple drivers have reported very high data usage in the past, although those values are often combined with Google Maps and other services.

It's no surprise that Google collects an absolute ton of data on just about everyone who uses their services. In fact, you can request to download it all and see it for yourself via Google Takeout. Takeout gives you access to everything that Google has collected on you across all of its services. According to Security.org, Google collects more data than any other major service, and a lot of that comes from YouTube. It includes your watch history, comment history, anything you upload, search history, connected networks (and network statistics), likes and dislikes, name, address, location, username, and loads of other stuff.

Google's data collection is intrusive because Google cross-pollinates across all of its various services. You'll see ads on Google Search based on your YouTube watch history and see ads on YouTube based on your Google Search history. Since Google also scrapes your Gmail, Photos uploads, general browsing history on Chrome, and basically everything else you do, all of that ends up being fodder for serving you ads on places like YouTube, and fueling other features like Smart Replies in Gmail and training Google Gemini. Fortunately, data breaches aren't terribly common, although YouTube did get hit with one in 2024. In short, Google probably knows more about you than your parents do.

X is a social network like any other, and since social media apps are featured pretty heavily on this list in general, it shouldn't come as a surprise that X is mixed right in with its competitors. The Musk-owned site collects quite a lot of data, including everything you post, your profile information, and payment details, if you've ever purchased X Premium. X openly states that it uses information for advertising purposes and shares it with third parties to further that goal. It's all pretty much par for the course in terms of a social media app.

However, X has committed some privacy intrusions that people aren't fond about. Security researchers found that it tracked user location more aggressively than any other tested social network, which is impressive (in a bad way) because Meta's data-hungry apps, Pinterest, and LinkedIn were part of that study.

The more recent, and more disturbing, invasion of privacy revolved around the generative AI tool Grok, which is integrated in the X app. Users were able to create and post nonconsensual, sexualized deepfake images on the social network, which included minors. X promised to put a stop to it, but as of this writing, the problem remains only partially fixed. 

AI apps have proliferated in a big way over the last half a decade, and you can easily get any number of chatbots on your mobile phone. That includes big shots like Google Gemini, ChatGPT, Anthropic's Claude, and a whole host of knockoffs. While the details change between apps, generally speaking, everything you put into the chatbox can be collected and used to further train the AI. That includes your prompts, random questions, and even silly photo edits made with Google's Nano Banana.

Knowing that everything you type into the box ends up on a server somewhere, there is a whole host of things you should never tell an AI, even the big ones like Google Gemini. That includes personally identifiable information, financial information, and medical details. The lack of privacy for stuff like this has put off many folks from using AI for things like email. This is agnostic of platform as well, so don't think you can dodge it by using just the website. Wherever you use AI, it will be collecting data about you. If you must use an AI, apparently Microsoft Copilot is the least intrusive of the bunch.

LinkedIn is kind of a scary place, if you sit and think about it for a few minutes. It has real names, general locations, entire job and education histories, age and gender, and real pictures, and that's stuff that people willingly choose to publicly display on their profiles. You can infer a lot from context there, like salary data. In all, LinkedIn collects less data than the big dogs like Facebook or X, but people willingly share more data there, so the difference kind of cancels out. People don't post their location and detailed job history on X very often.

In any case, LinkedIn is pretty benign (comparatively speaking) until you get to the AI stuff. Over the last few years, LinkedIn has updated its privacy policy a couple of times to add that it may use profile data to train AI. You can opt out of this, but unless you saw a news article about it, it's likely that LinkedIn managed to slip this past you. So, consider this your public service announcement to log in and opt-out. LinkedIn has a guide for you to follow.

PayPal is one of the original peer-to-peer payment platforms, and in general, it has some decent safety nets in place. For instance, transactions are end-to-end encrypted, which makes it harder to hack, and it runs browser integrity checks when using it on the web. So, in the grand scheme, PayPal isn't as bad as some other apps we could mention. However, not all that glitters is gold. PayPal still houses loads of user data, including purchase history, location, contacts, financial information, browsing history, and various other identifiers. This isn't terribly surprising since it is a payment app, but it's still worth mentioning that PayPal does collect this information.

Since the information it collects is so personal, it makes data breaches an extra pain. A notable breach in 2022 leaked email addresses, Social Security numbers, employers, location, job titles, social media profiles, and phone numbers. An even worse breach in 2025 exposed user data for six months before it was finally discovered and closed. The data exposed is essentially the same as the 2022 breach. PayPal says that the damage was minimal in both attacks, but when it's Social Security numbers, it still leaves a bad taste.

Finding Duolingo on this list might be a bit of a surprise. The language learning app is best known for gamifying the experiencing of learning a second language, which genuinely helped tons of people get over the initial difficulty hump. Despite its largely positive impact, Duolingo is consistently rated pretty poorly on privacy invasion by multiple sources. The primary reason is that it employs a metric ton of trackers and requires way more permissions than it should need for the content users engage with.

It's still generally less than social media apps, but the fact that an educational app is asking for all these permissions is pretty sketchy. The brand's privacy policy doesn't say much about what it does with the data it collects, but it's pretty apparent that most of it is used for advertising and AI, which it uses to generate lessons that focus on the topics users are having troubles with. Its data collection and use have been the subject of criticism for a while, and so far, Duolingo hasn't done much to rectify outstanding issues. As of 2023, Duolingo has more trackers than any other language learning app, often by a large number.

Privacy is a heavily researched, highly regulated, and often discussed topic, so there was no shortage of information out there for an article like this. We sourced information from TenScope's yearly Most Invasive Apps list, studies from various research firms like Nsoft, Security.org, Apteco, and the Common Sense Privacy Program, as well as several studies, usually done on a per-app basis.

There are hundreds, if not thousands, of studies and news articles from reliable sources showing how intrusive certain apps are, and this list was based on the consensus from as many of those as we could check in a reasonable amount of time.

You may have also noticed that most of the apps are social networks or some sort of e-commerce app. This is typical, as both types of app often collect tons of user data, even if they don't need all of it.