A new Surfshark study finds several Fintech apps do more than provide advice and service – they also collect and share user data.
The research highlights that fintech apps collect significant user data, particularly Paypal and Robinhood. Mint shares 70% of collected data. One in six finance category apps’ data is tracked (such as shared with a third-party advertising network or data brokers). Research is aided by a free app privacy checker tool where users can select the specific apps on their phone and receive a report on the extent of data collection.
“Analyzing 100 popular apps on the App Store, we’ve found a concerning trend: nearly 20% of collected data is used for tracking. Such tracked data can be shared with third-party advertisers or data brokers, who use it to deliver personalized ads targeting the users, or aid companies in market research,” said Agneska Sablovskaja, lead researcher at Surfshark. “Understanding an app’s privacy policy is crucial for safeguarding digital autonomy.”
On average, the findings suggest finance apps collect 16 out of 32 possible data points. That is almost 10% more than the average of 15 collected data points across all 100 examined apps. Moreover, these apps link 93% of collected data points to the user’s identity. Almost 15% of such apps use collected data points to track users across third-party platforms.
PayPal and Robinhood could be named the most data-hungry fintech apps within the finance apps category, collecting 26 and 25 out of 32 data points, respectively, and linking almost all data points to the user’s identity (although they don’t use data to track its users).
Mint is an app that shares the most data points with third parties. According to the authors, around 70% of data points collected by Mint are used to track the user, like email address, precise location, credit info, and purchase history.
Of the 10 analyzed fintech apps, only half do not use data to track their users (PayPal, Cash App, Robinhood, Splitwise, YNAB). The 10 analyzed finance apps were PayPal, Revolut, Cash App, Robinhood, Binance, Coinbase, Crypto.com, Splitwise, Mint, and YNAB.
A total of 1523 data points were collected across 100 of the most popular apps. That’s an average of 15 unique data points per app out of the 32 unique data points defined by Apple. Around 90% of the apps collect usage, diagnostic, and identifier data such as product interaction, user ID, device ID, crash, and performance data. Most are essential for their app functionality.
Two-thirds of the apps collect your name and coarse location, and nearly half collect your precise location. Coarse location is a more general estimation of where you are, while exact location is more detailed and accurate. More than one-third of the apps collect your contacts, and a fifth collect your emails or text messages and browsing history.
Facebook and Instagram are the two most privacy-invasive apps. Both apps collect all 32 data points defined by Apple and are the only two to do so. Signal is the only social media and messaging app in the top 10 most privacy-sensitive list. It is the second least data-hungry app, collecting one data point (phone number) that is not linked to you or used to track you.
Before downloading fintech apps, the authors recommend checking the developer’s reputation and data retention policies, paying attention to constant permission requests to access the contact list, camera, storage, location, and microphone and limiting the app’s access to information only when the app is in use.