Study reveals the most invasive finance apps on your phone

Nearly every financial app tracks and stores your private data. This Invezz study reveals the most invasive finance apps and picks out the worst offenders.
Updated: Jun 29, 2022

80% of websites track our private data. The most high-profile data harvesters are social media platforms and big tech companies, which make billions by tracking and selling their users’ private data. But even finance apps, which we trust with our most sensitive information, are using our personal data for their benefit.

We analysed the top 50 finance apps on the Apple App Store to find out how much data they collected from their users. By law, companies must provide information on the data they collect, use, and sell, so we looked at each finance app and logged the data. The range of apps included generic financial apps, multi-currency account apps, forex trading apps, stock trading apps, and all-round investment apps.

The full and gory details are available below, but first a summary of our key findings:

Key findings

  • 92% of finance apps track, store, or sell our personal data
  • Robinhood sells 86% of the data it collects to third parties
  • Google Pay and PayPal sell 79% of the data they collect
  • Self, the credit building app, rates as the most invasive finance app overall
  • 10% of apps collect and sell sensitive personal information like our racial origin, sexual orientation, or mental health

The most invasive financial & investing apps

List of the most invasive finance apps

92% of finance apps are tracking our data in some way. In many cases, these apps store data that goes well beyond the world of finance. Hugely popular platforms like Robinhood and PayPal are tracking our online activity, along with storing sensitive financial and contact information.

The credit building app, Self, comes out as the worst performer in the industry, storing 57% of the data that it’s legally entitled to collect. At the other end of the scale, four apps – DailyPay, Navy Federal Credit Union, Coinbase Wallet, and Payday Cash Advance – don’t collect any data at all.

As well as an invasion of privacy, handing your data over to apps can be dangerous and the security of these platforms leaves a lot to be desired. According to Narek Gevorgyan, CEO at CoinStats, personal info stored on these apps is a “goldmine for stalkers, abusers, and doxxers alike”. A 2021 Intertrust report found that an astonishing 80% of finance apps leak data, and the majority have major security flaws.

This is particularly concerning when you consider what type of data these apps collect. Many of these apps can see where you are, what you’ve bought, and what you look at online, then use it to build up a profile of who you are and what you interact with. This data is extremely valuable, and many companies make money by storing and selling your information.

“This abundance of personal information stored across centralised servers has become a goldmine for stalkers, abusers, and doxxers alike.”

Narek Gevorgyan, CEO & Founder at CoinStats

The finance apps selling the most of your personal data

Finance apps that sell the most private data

Robinhood, a popular investing app, sells 86% of the data it collects to third parties. This includes your financial info, purchase history, and details about what you’ve searched for online. PayPal, Chime, and Google Pay are not far behind, each selling 79% of the data they collect. 

Your data can make big money for these companies. American companies spent $19 billion buying up personal data in 2018. Many third parties are willing to pay for this information because they can use it to create more targeted, and more valuable, adverts.

There are plenty of other problems with selling data to third parties, too. Gevorgyan says that “the data collected by fintech apps, if in the wrong hands, will lead to severe consequences, including ransomware attacks, phishing attacks, and social engineering attacks, among others”.

Ultimately, the more companies that store your data, the greater the risk of a breach. You have no control over who your data is sold to, where it’s stored, or how it’s used. Malicious actors can take advantage of this to try to break into your personal accounts or clone your identity.

The finance apps using the most of your personal data

Finance apps that collect the most private data

Once again, Self is the worst app when it comes to storing and using your data. Only 16 of the top 50 apps collected this form of data. Coinbase, the most popular cryptocurrency app, scored as the best of those, storing just 7% of your data for its own use.

Companies generally use this data to try to encourage you to buy more of their products, or to carry out large-scale analysis to improve their business. This is all from data you provided for free, used to try to get you to give them more money. 

What this result tells us is that apps don’t need to keep tabs on so much personal data. None of the platforms that use the data for themselves store browser history, and only Fidelity uses your search history.

Conclusion

This study shows that even financial apps are storing and selling vast amounts of their users’ private data. Centralised apps which pride themselves on democratising the financial system, like Robinhood, or on providing a ‘safer way to send money’, like PayPal, are among the worst offenders when it comes to profiting from their customers’ data.

This speaks to one of the biggest issues with online data privacy: the fact that the rewards and incentives are paid to the companies that gather it, rather than to the people who provide it. Blockchains and cryptocurrency offer one possible solution, and already browsers like Brave offer a way to cut out the middleman and reward you for your attention and data.

“[DeFi] is the only way to access the financial system without having to let go of your personal information. It is more secure, transparent, and inclusive than existing financial systems.”

Narek Gevorgyan, CEO & Founder at CoinStats

On a larger scale, decentralised blockchains remove the need for any middlemen at all. Gevorgyan argues that, with blockchain technology, “end-users will have more control over their data, how they share it, and who they share it with”, and it offers “the only way to access the financial system without having to let go of your personal information”.

This speaks to a future where you no longer have to worry about which large tech company is in control of your data and who they’re selling it to. Until then, be careful what you sign up for.

Transcript of full interview with Narek Gevorgyan, CEO & Founder at CoinStats

Invezz sat down with Narek Gevorgyan, the CEO and founder of CoinStats, to get his thoughts on data privacy, the dangers from centralised financial apps, and the potential of DeFi to solve some of these problems. The full, unedited transcript of the interview is below.

Invezz: To start with, broadly speaking, what would you say the dangers are to users from apps that store and often sell our private data?

Narek Gevorgyan: It is no hidden fact that our personal data is routinely bought and sold by hundreds, and possibly thousands, of companies. In today’s digital world, data is power. Most apps and websites accumulate petabytes of data from billions of people. These days, if you use the internet, it isn’t particularly complicated for companies to determine your likes and dislikes, your preferences, favourites, and other similar characteristics. Since this data is highly insightful, it is mostly used to drive targeted advertising campaigns. 

The problem: our privacy is at stake! Piles of personal data are being used to influence democratic processes like voting (Cambridge Analytica). And this is just the tip of the iceberg! On a daily basis, this abundance of personal information stored across centralized servers has become a goldmine for stalkers, abusers, and doxxers alike. 

IZ: Our study found that 92% of the top 50 financial apps on the App Store are tracking our data in some way. Could you speak to the specific risks of using finance apps that collect so much personal data?

NG: Ever since they became mainstream, fintech apps have become the go-to target for hacks and cyberattacks. This shouldn’t come as a surprise because fintech equals money and PII (personally identifiable information). With the majority of the finance apps collecting tons of data from consumers (and then storing them across third-party servers), cybercrimes are on the rise.

Think of it this way: your credit card company stores details about every transaction you process. Your financial habits make up a large part of your consumer persona. All of this information can be used to create profiles of you – your buying habits, your likes and dislikes, whether you’re single or married, your recent purchases… the list goes on. And with fintech apps collecting this data, it shouldn’t come as a surprise if you keep seeing extremely relatable ads or call-to-actions every time you go online. Unfortunately, it goes beyond targeted ads and CTAs. I think the data collected by fintech apps, if in the wrong hands, will lead to severe consequences, including ransomware attacks, phishing attacks, and social engineering attacks, among others.

IZ: Do you think it’s right that these apps collect, and often profit, from their users’ data? Is there an alternative to using these apps to invest that doesn’t involve handing over control of our information to third parties? 

NG: Well, if someone is profiting off of someone else’s personal property, I don’t think that’s justified in any way! Then again, that’s how the majority of our present centralized systems operate. In the Web2 infrastructure, there are some regulations in place, including the GDPR, CCPA, and FCRA, but they can only help to an extent. The end-users, in general, don’t have much control over their data online, which is the root of the problem.

Truth be told, data will always play a key role in accessing online products and services, be it on Web2 or Web3. However, with Web3, end-users will have more control over their data, how they share it, and who they share it with. For instance, Web3 users can exert total control over their data, thanks to novel privacy-focused solutions like zkSnarks, Groth16, and Decentralized Identifiers (DIDs). In this context, I believe DeFi (decentralized finance) is a promising alternative to using apps that generally collect and hand over information to third parties.

IZ: Over the last couple of years, there’s been a dramatic rise in the amount of DeFi apps out there that offer a new way to invest. How do decentralised apps deal with their users’ personal data, and how are they able to improve on the service we’ve come to expect from the old school system?

NG: Decentralized applications, or dApps, are powered by autonomous smart contracts. When the preset criteria are met, the contract executes automatically. As such, dApps enable users to access a wide range of products and services without any intermediaries or centralized authorities. You, the user, gain complete control over your transactions, and there’s no one watching or tracking your activities. Additionally, most dApps don’t even ask the user to submit any personal information in order to use the feature it offers. When it comes to user data, dApps leverage the features of the underlying blockchain network to safeguard data privacy while fostering a censorship-resistant ecosystem. Since all the data is stored across a P2P (peer-to-peer) network, the data remains secure from cyberattacks (because there’s no single point of failure).

IZ: What would you say to a user who’s seen this study and is worried about having to hand over so much personal information in order to access the financial system?

NG: Join the DeFi revolution! It is the only way to access the financial system without having to let go of your personal information. It is more secure, transparent, and inclusive than existing financial systems. On top of that, you’ll have complete control over your data. There are no centralized authorities, intermediaries, or third-party services, which makes DeFi more democratic while at the same time putting you (the consumer) at the centre of the value proposition.



James Knight
Editor of Education
James is the lead content editor for Invezz, covering the stock market, cryptocurrency, and macroeconomic markets. Outside of work, James is an avid trader and golfer…