Your Finance App Knows You Better Than You Think

by Damian Chmiel
  • Finance apps outstrip others in data collection, raising privacy concerns.
  • The list of big names doing that includes Revolut, Robinhood and PayPal.
magnifying glass
Join our Telegram channel

In an analysis of 100 popular iOS apps, the cybersecurity firm Surfshark uncovered concerning data privacy practices among finance apps. It turns out that the payment giant PayPal and the popular trading app for retail investors Robinhood, collect the most data about their users.

Finance Apps Hoard User Data, Surfshark Study Finds

The study found that finance apps collect more user data on average than other app categories – 16 out of 32 possible data points tracked by Apple in its app store. PayPal and Robinhood gathered the most data points at 26 and 25, respectively.

"Nearly 20% of collected data is used for tracking. Such tracked data can be shared with third-party advertisers or data brokers, who use it to deliver personalized ads targeting the users, or aid companies in market research," Agneska Sablovskaja, the Lead Researcher at Surfshark, said.

Data collection

PayPal and Robinhood are the most "data-hungry" apps. However, it appears that they do not use the gathered information, or at least they claim not to, to track their users. However, many other popular financial applications engage in such tracking, including Revolut, Binance, Coinbase, and Crypto.com.

Tracking involves linking data collected from an app about a particular user or device, such as a user ID or device ID, with external sources like third-party advertising networks. Additionally, the gathered data might be distributed to data brokers.

50% of Apps Collect Search History and Location

Across all app categories, nearly half collected precise location data and search histories. Facebook and Instagram stood out as the most “privacy-invasive”, gathering all 32 data points defined by Apple.

“Two-thirds of the apps collect your name and coarse location, and nearly half collect your precise location. Coarse location is a more general estimation of where you are, while precise location is more detailed and accurate,” Surfshark explained.

Facebook and Instagram

Additionally, 93% of the data points collected by finance apps are tied to user identities. Mint, a popular app for managing personal finance, shared a worrying 70% of collected data with third parties – the highest amount observed.

“Understanding an app’s privacy policy is crucial for safeguarding digital autonomy,” Sablovskaja concluded.

In an analysis of 100 popular iOS apps, the cybersecurity firm Surfshark uncovered concerning data privacy practices among finance apps. It turns out that the payment giant PayPal and the popular trading app for retail investors Robinhood, collect the most data about their users.

Finance Apps Hoard User Data, Surfshark Study Finds

The study found that finance apps collect more user data on average than other app categories – 16 out of 32 possible data points tracked by Apple in its app store. PayPal and Robinhood gathered the most data points at 26 and 25, respectively.

"Nearly 20% of collected data is used for tracking. Such tracked data can be shared with third-party advertisers or data brokers, who use it to deliver personalized ads targeting the users, or aid companies in market research," Agneska Sablovskaja, the Lead Researcher at Surfshark, said.

Data collection

PayPal and Robinhood are the most "data-hungry" apps. However, it appears that they do not use the gathered information, or at least they claim not to, to track their users. However, many other popular financial applications engage in such tracking, including Revolut, Binance, Coinbase, and Crypto.com.

Tracking involves linking data collected from an app about a particular user or device, such as a user ID or device ID, with external sources like third-party advertising networks. Additionally, the gathered data might be distributed to data brokers.

50% of Apps Collect Search History and Location

Across all app categories, nearly half collected precise location data and search histories. Facebook and Instagram stood out as the most “privacy-invasive”, gathering all 32 data points defined by Apple.

“Two-thirds of the apps collect your name and coarse location, and nearly half collect your precise location. Coarse location is a more general estimation of where you are, while precise location is more detailed and accurate,” Surfshark explained.

Facebook and Instagram

Additionally, 93% of the data points collected by finance apps are tied to user identities. Mint, a popular app for managing personal finance, shared a worrying 70% of collected data with third parties – the highest amount observed.

“Understanding an app’s privacy policy is crucial for safeguarding digital autonomy,” Sablovskaja concluded.

!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|} !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuvwxyz{|}