Fact checked

These are the "worst" financial apps for your privacy

data app
Media inquiries: [email protected]

Financial apps may be handy for managing your money, but they often collect an extensive amount of sensitive data and, in some cases, share this information with third parties.

To understand the impact these financial apps can have on your privacy and security, Creditnews Research examined the data safety practices of the 60 most downloaded financial apps for Android.

In particular, we looked at what user data these apps disclose to other companies or organizations.

The apps examined fall into six categories: cryptocurrency, mobile banking, loans and credit, insurance, budget management, and trading.

Key findings

  • Nearly 3 in 4 of the financial apps examined share at least some information with third parties;
  • On average, financial apps share over 6 types of data each, including device or other ID data, names, email addresses, app interactions, and phone numbers;
  • Interestingly, some financial apps also disclose data on race and ethnicity, health, web browsing, voice and sound recordings, contacts, and emails;
  • Cryptocurrency apps disclose the most information to third parties, averaging 8 different types of data per app;
  • Out of financial apps, Crypto.com, Rocket Money, and Kikoff are the biggest "offenders" when it comes to data sharing.

Top 10 apps that share the most data with third parties

Overall, 72% of the analyzed apps were found to share at least some user information with third parties. However, certain apps reveal more than others.

10 apps data

1. Crypto.com

A widely used crypto trading app with over 10 million downloads on the Google Play Store, shares the most user data among financial apps analyzed, revealing 19 data types across 10 categories to third parties.

This includes various personal information such as name, email address, address, phone number, user IDs, purchase history, files and documents, photos and videos. The app further shares approximate and precise locations, app interactions, device and other IDs, as well as various app information and performance data.

Crypto.com is the only application in the analysis that shares email messaging data and is one of the few sharing voice recordings with third parties. It also collects information on users' political and religious beliefs for app functionality, fraud prevention, security, compliance, and account management purposes, but it doesn't mention sharing this data.

2. Rocket Money:

The budgeting and financing app Rocket Money comes second on the list, sharing 18 types of data across 7 categories.

The app reveals users' files and documents, financial information such as payment info, purchase history, credit score, and various personal identifiers such as name, email, user IDs, address, and phone number to third parties.

Like the Crypto.com app, it also shares approximate location data, app interactions, devices and other IDs, as well as various app info and performance data.

3. Kikoff

The credit building app Kikoff is not far off, sharing 17 types of data, including but not limited to name, email, address, user IDs, phone number, payment info and purchase history, photos, files and docs. The app, however, collects a little more than it reveals — a total of 19 data types.

4. Principal

The Principal app stands out for disclosing its users' web browsing history to third parties. The app claims the information is shared for analytics, fraud prevention, security, and compliance purposes. In total, the Principal application shares 16 types of data across 9 different data categories.

5. Lemonade Insurance

The insurance app also discloses 16 types of data to third parties. In addition to the usual categories such as personal data, financial data, app activity and performance data, device and other IDs, and location data, Lemonade Insurance is the only app on the list that shares users' health information.

The remaining applications in the top 10 are One - Mobile Banking (16), SoFi (16), Bitget (15), Possible (15), and TradingView (15).

Notably, the crypto app Bitget and the credit-building app Self Is For Building Credit were found to share some alarming types of data. Both apps reveal data on race and ethnicity to third parties.

Bitget notes this type of data collection is for app functionality, fraud prevention, security, and compliance purposes, whereas Self Is For Building Credit shares information on race and ethnicity for analytics purposes.

Like Crypto.com, Bitget was also found to disclose voice or sound recordings. Additionally, the trading application Schwab Mobile was found to share contact information with third parties.

The biggest "offenders" by financial app category

To better understand which financial apps reveal the most data, we examined data sharing not only by the individual app but also by category. Cryptocurrency apps emerged as winners.

Average number of data types shared per app in each category:

  • Cryptocurrency apps: 7.9
  • Trading apps: 6.6
  • Budget management apps: 6.6
  • Insurance apps: 6.4
  • Loans and credits apps: 6.3
  • Mobile banking apps: 5.3
  • Overall average data points shared per app: 6.5

The financial apps we analyzed share user data in 13 out of 14 possible categories. The only category these financial apps exclude is the Calendar, which encompasses details like events, event notes, and attendees from a user's calendar.

Overall, the most shared types of data are device or other IDs, with 47% of analyzed apps disclosing it, followed by name (45%), email address (43%), app interactions (42%), and phone number (40%).

On the other end of the spectrum, 17 apps were found not to disclose any data to third-party companies or organizations.

The implications of data sharing

Due to the sensitive nature of the data they process, financial apps are prime targets for cybercriminals, and sharing data with third parties creates a larger attack surface.

This increased vulnerability makes data breaches more likely, which can lead to severe consequences such as financial loss, identity theft, and reputational damage.

Additionally, your data can be used to create detailed profiles about you, resulting in intrusive targeted advertising and potentially discriminatory practices based on your behavior and preferences.

Despite these risks, data sharing can also be essential to the functionality of financial apps. For example, sharing data with fraud detection services can help financial institutions detect and prevent fraudulent activity.

The reality is that data sharing isn't purely black or white, and it's nearly impossible to function in the modern world without leaving a digital trace.

Therefore, staying informed and thinking critically about how and with whom you share your data is essential.

You must use your judgment to decide what data sharing is acceptable and what is not, ensuring that you strike a balance between convenience, privacy, and security.

Methodology
Sources
  1. Google Play Store. Accessed June 12, 2024.
  2. Data safety on Google Play. Google Play Support. Accessed June 12, 2024.
  3. AppTweak. Accessed May 22, 2024.