reject convenience

Top 200 iOS Apps Privacy Score

This is a list of the top 200 downloaded apps for iOS on 9/9/24. I wanted to track the app privacy in a chart to see a nice visual of how it all works, and see if there are any interesting trends.

Using the categories that Apple provides developers to fill out when submitting apps, we have a good collection to get an idea of what data could be collected. Now, it’s worth noting that not all the data is collected within each category, and sometimes the data will be anonymized, so here are the rules I set:

  1. If data is collected, but it is not linked to you, it does not count, as it’s not a risk to you.
  2. If data is collected, and the category is both linked to you and not linked to you, it will count, as part of it is a risk to you.
  3. If data is collected, and it is linked to you, it will count, as it is a risk to you.

It’s also worth pointing out that not all data has the same amount of risk. For example, diagnostic data is really helpful for developers to understand why an app might be acting up, but if they experienced a data breach, that data wouldn’t be beneficial to outside sources, so it’s low risk. On the other hand, sensitive data contains anything within this description from Apple:

“Such as racial or ethnic data, sexual orientation, pregnancy or childbirth information, disability, religious or philosophical beliefs, trade union membership, political opinion, genetic information, or biometric data.”

That data is far riskier than most other types of data: it could be sold to advertisers to build a profile on you, or it could be used against you in a plethora of ways.

Because of the variety, I have added weights to certain categories. The lower the number, the lower the risk to your personal data. Now again, these categories might contain only part of the criteria from the full description, but to keep things simple, we will just count the entire category, and not the individual criteria.

I also want to talk about the "Other Data" category. This one is weird, because it could be stuff related to a hardware accessory that might not qualify as data from the app itself. For example, the Ring doorbell isn't technically collecting user content, because the content isn't from your phone, it's from their hardware, so the "Other Data" category is used. I struggled to come up with a reasonable middle-ground weight for this, so I landed on 3, because it can be fine, and it can also be pretty bad.

The scale here is 1-10, and you can also see these categories by searching for the app within the App Store and scrolling down to the privacy section. If you click into it, it will give you some more detail. Another helpful resource is Apple's own Privacy Definitions and Examples page, linked here: https://apps.apple.com/us/story/id1539235847
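As an added illustration (not code from the original post), the three counting rules and the category weights can be expressed in Python as follows. Only the "Other Data" weight of 3 comes from the post; the other weights, the app names, and adding the weights into one score are assumptions made for this example.

```python
# Weights per Apple privacy-label category, on the page's 1-10 scale.
# Only "Other Data" = 3 is taken from the page; the rest are constructed
# placeholders that follow its ordering (diagnostics low, sensitive high).
WEIGHTS = {
    "Diagnostics": 1,
    "Usage Data": 2,
    "Other Data": 3,
    "Identifiers": 5,
    "Location": 7,
    "Sensitive Info": 10,
}

def score_label(label):
    """Return (score, counted, ignored) for one app's privacy label.

    label maps "linked" / "not_linked" to lists of category names.
    Summing the weights of counted categories is an assumption.
    """
    linked = set(label.get("linked", []))
    not_linked = set(label.get("not_linked", []))
    unknown = (linked | not_linked) - set(WEIGHTS)
    if unknown:
        raise ValueError(f"no weight defined for: {sorted(unknown)}")
    counted = sorted(linked)               # rules 2 and 3: any linked part counts
    ignored = sorted(not_linked - linked)  # rule 1: only ever unlinked, so skipped
    return sum(WEIGHTS[c] for c in counted), counted, ignored

def rank_apps(labels):
    """Sort app names from highest (riskiest) to lowest score."""
    return sorted(labels, key=lambda name: score_label(labels[name])[0], reverse=True)

# Constructed labels for three hypothetical apps (not data from the chart).
SAMPLE_LABELS = {
    "ExampleChat": {"linked": ["Identifiers", "Other Data"],
                    "not_linked": ["Identifiers", "Diagnostics"]},
    "ExampleNotes": {"linked": [], "not_linked": ["Diagnostics", "Usage Data"]},
    "ExampleHealth": {"linked": ["Sensitive Info", "Location"], "not_linked": []},
}

if __name__ == "__main__":
    for app in rank_apps(SAMPLE_LABELS):
        print(app, score_label(SAMPLE_LABELS[app]))
```

"ExampleChat" shows rule 2: Identifiers appears under both headings, so it still counts, while Diagnostics is only ever unlinked and is skipped.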

It is also super worth noting that this is all linked to data collection. There isn't anything here that accounts for services that do anything beyond just collecting the data. In my mind, collected data is the risk, and if the service shares your data or sells your data, they are simply accelerating the process of your data being "out there". Data that is just stored is still at risk for data breaches, and it is never a matter of if, but when that data will be breached. If they store the data but anonymize it like I mentioned earlier, I don't have a problem with that, because the data isn't a risk to you, the user.

Some of the apps you'll see in this list might seem lower because of the fact that they share all the data, whereas other apps might seem too high, because they don't share all the data. A great example of this is Telegram vs TikTok. Technically, TikTok collects less data, but they sell a lot of that data. Telegram technically collects more data, but they don't sell that data, so it seems less problematic. On top of that, Telegram also technically encrypts the cloud-stored data, BUT that does not mean the data is anonymized. Encrypted data is still absolutely breachable and sought after, as we saw in the LastPass breach back in 2021. The data is certainly harder to get into, but given enough time and resources, encryption can be and has been broken. Collecting data about you and hoarding it is all the same, no matter how it is hoarded. If a company suddenly decides they want to start selling your data, they have a huge head start since they stored it all previously. If there's a data breach, it doesn't matter if they share it or not, it only matters that they retained the data in the first place.

Here is also the forum post if you'd like to add to the discussion: https://rejectconvenience.com/forum/viewtopic.php?p=208

Edit: I have now added tabs for different sorting, by ranking in the App Store, and by the Privacy Score. I have also tracked the top 175 paid apps in the App Store with the same data (as of 9/13/2024). The reason it's 175 and not 200 is because there are several bundles of apps that range from 2 per bundle to 5 in one case, so they count those as "apps" but not the position. It's a little weird, but it's the data I have at the moment.

I have also started to track data incidents related to the apps or their respective companies.