5 common apps that put your privacy at risk

Just because an app is popular doesn’t mean it’s safe

In the cold Canadian winter, there’s nothing like a cup of Tim Hortons hot chocolate. With their app, it’s easier than ever to customize and order your favorite hot drink. However, you might not want to do that. The company’s app was found tracking user location hundreds of times a day, even when it wasn’t in use. 

That’s a lot of personal data to give for a bit of convenience. If you want to stay safe, think twice before downloading the following kinds of apps:

1. Coffee shop loyalty programs

Tim Hortons wasn’t the only app with privacy issues. Years earlier, the Starbucks app was found to be storing sensitive information—like your password and email—over HTTP instead of HTTPS. That is just about as safe as leaving a key under your doormat. But we get it: it’s hard to forgo those free cups of coffee. If you absolutely must use an app for a loyalty program, take necessary precautions; more on that later.

2. Period trackers

Users of period tracker apps sometimes provide very intimate information: sexual activity, libido levels, flow changes, menstrual information, and more. As with other tracking data, this information could be sold or compromised. 

In 2019, the FTC found that Flo, a leading period tracking app, was sharing intimate health details with analytics companies like Facebook and Google. In another case, Consumer Reports found that Glow, another popular period tracker, had significant vulnerabilities in the way it stored user data. 

Last month we also wrote about the new risks posed by the possible overturning of Roe v. Wade in the U.S. Could law enforcement take the data someone inputs into a period tracking app as evidence of an illegal abortion? It’s all still yet to be seen, but meanwhile, there is little reason to give all that personal data to an app maker. 

3. Dating apps

Dating apps often ask for information such as religion, sexual orientation, and all manner of personal preferences. It is the sensitive nature of dating information that makes breaches all the more serious.

Some big names have come under fire in recent years. In 2018, Grindr suffered a data breach that potentially exposed the personal data of millions of users, including users’ self-reported HIV statuses. In 2020, Tinder, Grindr, and OKCupid were all found to be transmitting user data, including gender, age, IP address, and GPS location, to major advertising and behavior analytics platforms, possibly in violation of GDPR rules.

If you’re no longer using a dating app (congrats?), delete it thoroughly using our guide.

4. Fitness trackers

Fitness trackers record a whole range of personal health information including heart rate, sleeping patterns, food intake, GPS location, and more. They have also been subject to data breaches, with a vulnerability in Fitbit exposing 61 million records in 2021.

That being said, fitness tracking apps are some of the strongest services when it comes to providing users with control over their data. Apple Health, Google Fit, Fitbit, and Strava all have data access controls. You can choose what data to share, what to track, and even delete the whole account with a couple of clicks.

However, not all apps have that same level of control. It’s important to look at how much control you get from an app before signing up for its ecosystem.

5. Contact tracing apps

Contact tracing apps pose a unique privacy challenge: while they help coordinate government response, they also have access to location and testing data. The apps for each government require different permissions. While some require nothing more than an internet connection, others access Wi-Fi info, address books, calendar, microphones, and more. 

Unlike the above apps, these might be mandatory to install. In these cases, the best way to protect your privacy would be to use an alternate (burner) phone.

4 ways to fight back and keep your private data private

While those types of apps may put your privacy at risk, there are several ways you can protect your private information:

1. Keep your VPN on

A quick and easy way to help protect your privacy is to keep your VPN on at all times. A VPN will secure your network, automatically encrypt your traffic through HTTPS, and make it much more difficult to access your information.

2. Check what your apps can access

You are in control of what information your apps can access. For Android 11 phones, you can check which apps have access to your Google account by going to Settings > Privacy. There, you can see the Permission Manager, which shows exactly which apps have access to what personal information.

Likewise, for iOS devices, head to Settings > Privacy to see a list of permissions you have provided to each of them. Apple goes one step further, providing you with a privacy report that shows you how apps are using the permissions you have granted them.

3. Use alternate email and social media accounts

Additionally, when entering personal information, it may be in your best interest to set up secondary emails, Google accounts, and Facebook accounts. When you log into your apps with these services, you can use your alternate accounts to protect your personal details.

4. Disable Wi-Fi and Bluetooth location scanning

Android phones have a little-known feature that communicates with other phones and Bluetooth tracking devices to find your location. This feature runs in the background and works even if GPS, Wi-Fi, and Bluetooth have all been turned off. On Android 11, you can find this feature under Location > Improve accuracy.

5. Keep an alternate phone

When none of the above options are available and you must use the app in question, the best thing to do is to use an alternate phone. Turn it on only when you need to use the app. In the security industry, this practice is called sandboxing. Your alternate phone becomes an isolated sandbox where you can safely run risky apps. Just remember to sign out of your Google, iCloud, and Samsung accounts once you have the app installed.

Alan is like a slow cooker for tough ideas: just put them in, and he’ll turn them into something tasty and easy to eat. When he’s not doing that, he also likes cooking, no surprise there.