Often marketed as free and convenient tools, business apps may seem like an attractive proposition. But many of them are also hungrily mining user data, with big names like Facebook, PayPal, Glassdoor, and eBay found to be the most invasive.
The corporations behind the so-called “freeware” model are deliberately obscuring their true terms and conditions to make users more compliant, claims OnDeck, the company that carried out the research. And none more so than Big Tech corporations, its study has found.
“Companies want your data and often make privacy agreements needlessly complex in order to strong-arm you into blindly giving it away,” said OnDeck. “This model – wherein a company effectively offers the use of one of its apps for free in exchange for access to user data – has exploded in popularity in recent years. Companies may then use this data to inform targeted advertising campaigns, refine their own product, or sell user data to another company.”
OnDeck reviewed the privacy policies of more than 200 business apps on the App Store, across more than 10 categories, including marketing, finance, project management, and customer care.
“Apps you love, from a place you can trust,” reads the tagline on the Apple landing page, but if users were to take a closer look at the terms and conditions attached to many of them, they might not feel the love or trust for very much longer. A 2018 survey by the University of Oxford found that around nine-tenths of ‘free’ apps transfer user data to at least one other company, prompting OnDeck to conduct research of its own.
Facebook “in a league of its own”
Facebook Messenger was found to be the most invasive communications app, collecting the maximum possible of 32 data segments on users – a segment being defined by Apple as an entry of personally identifying information (PII,) such as name, payment method when using apps that are not free, or precise location at time of usage.
“Facebook, now under the corporate umbrella of Meta, continues to be in a league of its own in terms of how much data it gathers from users of its apps,” said OnDeck. “Messenger, Instagram, Facebook, Meta Business Suite, and Ad Manager are the only five apps that collect data across more than 30 segments – these are all Facebook-owned or affiliated.”
It added that overall Big Tech is responsible for the lion’s share of data gathering, with apps that track 20 or more segments overwhelmingly owned by giant corporations. The Google-owned YouTube and Gmail apps, as well as Chinese social media giant TikTok “also appear high up on the most invasive list.”
PayPal was found to be the most pervasive finance app, using its small print to request access permission for 26 data segments, while eBay topped the list for e-commerce, asking for 21 points of access to PII.
GlassDoor was the data-hungriest HR and employment app, demanding access to 21 segments in return for the use of its services, while Google Drive led the charge for the content category, requesting no fewer than 19.
No detail too small for Messenger
Types of data segment tracked included contact details of both individual users and their peer groups, and browsing and search history, sought after by most communication apps including Google Chat, Google Voice, and Gmail.
Those like Messenger that went the whole hog, asking for every segment available in the App Store, are mining much more aggressively, taking data pertaining to users’ finances, health, and fitness. Perhaps more worrying still, the Facebook messaging app also tracks, stores, and shares a data category that Apple has helpfully labeled “sensitive info.”
When viewed by category, the most data-aggressive apps were found in the marketing section of the App Store, with finance, accounting, and communication coming in second and third places respectively.
More from Cybernews:
Subscribe to our newsletter