Your most-used apps might pose more danger than they're worth. Here's what you need to know about common apps that spy on you.
1
/
13
Be proactive
First things first: You can save yourself a whole lot of heartache if you take some simple steps before ever downloading any apps at all, says Caleb Barlow, former VP of threat intelligence at IBM, who is now an independent cybersecurity advisor.
“Only get mobile applications from the legit stores,” he says, referring to Google Play and Apple’s App Store. And once you’ve found legitimate apps you want to download, “be religious about permissions and check on application permissions on a regular basis.” That includes turning off permissions that are not required for the application to work properly, he adds.
It’s also a good idea to put a lock on apps just in case someone physically gets hold of your phone. And do your research before downloading anything to your phone. Barlow recommends checking the app’s reviews: Ideally, anything you add to your phone will have already been used and reviewed by thousands of other people.
OK, so which apps are notorious for collecting your data and even sharing it with other organizations? Read on for big-name offenders.
2
/
13
Look, we all love our social networking apps. But if you’re looking for apps to delete to protect your information, “the absolute worst culprit is Facebook,” says Raffi Jafari, co-founder and creative director of Caveni Digital Solutions. Unfortunately, Facebook is notorious for collecting data on you—even if you don’t use its service. “But removing Facebook-powered applications from your phone is a great first step to protecting your privacy.”
“The sheer scale of their data collection is staggering, and it is often more intrusive than companies like Google,” he says. “If you had to pick one app to remove to protect your data, it would be Facebook.”
3
/
13
In 2019, this popular app was involved in a major security incident, and it was “a call to action for users who may be living under a rock and unaware of the vulnerabilities that were disclosed,” says Michael Covington, a VP at Jamf who previously developed security products at Intel Labs and Cisco Security. “The vulnerabilities with WhatsApp—both iOS and Android versions—allowed attackers to target users by simply sending a specially crafted message to their phone number.”
“This was one of the most widespread issues I’ve seen impacting mobile devices, and we continue to see out-of-date versions on enterprise devices,” Covington says. “Once successfully exploited, the attackers were granted access to your microphone, camera, contact list and more.”
Luckily, this one is easy to fix: Simply update the app to the latest version. If you’re not sure how old your app is, look at the version number. As of this writing, in early 2026, Android’s version number follows a 2.26.1.x pattern, and iOS is running 26.1.x (with the Xs replaced by individual update numbers).
4
/
13
Weather apps
“Check your weather app,” says Shayne Sherman, a former executive with TechLoris, a PC security company. “There have been several different weather apps out there that have been laced with Trojans or other malware.” One example came in 2017, when malware was bundled with a legitimate app called Good Weather. That issue was resolved, but many apps share similar names, so it’s important to be alert.
While the most benign of these apps claims to take your information purely for weather accuracy, Sherman calls that questionable. “Watch your local forecast instead.”
5
/
13
Like Facebook and WhatsApp, Instagram is owned by Meta, which is part of what makes it a risk. “People need to remember that at Facebook and plenty of other places, you’re the product, not the customer,” says Dave Salisbury, senior fellow at the University of Dayton Center for Cybersecurity and Data Intelligence. Instagram requests several permissions that include modifying and reading contacts, gaining access to your network and the contents of your storage, locating your phone and others.
The expert says to remember that information about you, what you do, where you go and who you interact with is valuable. “If you’re OK with giving that up for some free services, that’s a valid choice,” Salisbury says. “What I’d hope is that people actually think through the choice in an informed way and make sure they’re getting as much as they’re giving.”
6
/
13
Facebook Messenger
Since Messenger is a separate Facebook app, Attila Tomaschek, a privacy expert at CNET, feels that it’s important to address as well. “Deleting Facebook Messenger is a no-brainer, based upon the company’s frighteningly lax approach to protecting user privacy,” Tomaschek says. (As of early 2026, Meta says on its site that it is “in the process of securing personal messages with end-to-end encryption by default,” but the rollout isn’t complete.)
If that doesn’t make you feel any better, heed Tomaschek’s warning: “Basically, if you don’t want your personal data to be subject to Facebook’s flimsy data-privacy practices and you don’t want anyone potentially eavesdropping on your private messages, then it’s best to cut your losses, delete the app and look elsewhere.”
Tomaschek recommends the secure messaging app Signal. “Your messages in Signal are secured by the app’s proprietary encryption protocol, which many consider the most secure messaging protocol available today,” he says. “In fact, Edward Snowden has even endorsed Signal as a secure messaging app.”
7
/
13
Flashlight apps
We bet you didn’t see this one coming. “Free flashlight apps are often of high cybersecurity risks,” says Harold Li, vice president of ExpressVPN, a consumer privacy and security company. “Many of these apps are free but ad-supported, and they often request permissions, such as audio recording and contact information, to apparently function properly. When users install these apps, they risk sharing their personal data with app developers who monetize the data by selling them to advertisers.”
Li recommends removing these apps entirely. Then he recommends updating your passwords for any social media or email accounts you use on your phone. You can also write to these companies and request that all your data be deleted. Under laws in certain states and other countries, consumers have the right to the erasure of all their data.
While Li couldn’t recommend any safe alternatives, he did say that most phones already come with a built-in flashlight function, “so you really don’t need to install another free app that could be collecting and selling your data.”
8
/
13
App games
Angry Birds doesn’t have the same cache as it did when it became a worldwide phenomenon, but it and other app games can be dicey, so do your homework.
“When Snowden blew the whistle on the NSA and exposed the agency’s surveillance tactics, he mentioned the Angry Birds app specifically as one that the NSA was using to siphon the personal data of its users,” Tomaschek says. “The app was leaking personal data like users’ phone numbers, call logs, home country, current location and even marital status, and the NSA was gobbling it up without any misgivings whatsoever.”
That breach was in 2019, and “Angry Birds app developers have since evidently patched the vulnerability that allowed for the information to be leaked,” Tomaschek says. “So if you take the developers’ word for it and simply can’t resist indulging in slingshotting birds across your phone screen, then at the very least update to the latest version of the app.”
9
/
13
DoorDash
Who doesn’t love DoorDash and other food-delivery apps? Privacy experts, that’s who. Back in 2019, the popular and convenient DoorDash app was featured in a Washington Post investigation, and it revealed an alarming amount of personal data that the app tracks and shares with other entities, according to Tomaschek. (That was the year more than 5 million Dashers, customers and merchants were exposed in a breach.)
“This data includes information like your name, email address and physical address, along with the make and model of your phone,” Tomachek says. “Furthermore, Facebook and Google ad trackers are also being used by the app, which means that the two tech giants know every single time you open the app.”
And in 2024, DoorDash had to pay $375,000 and agree to submit annual reports to the California attorney general to verify that it was complying with the state’s strict privacy laws.
What can you do? Tomaschek recommends deleting the app altogether, but that doesn’t mean it’ll be the last you hear of DoorDash. “Unfortunately, some apps can employ ‘uninstall trackers,’ which basically alert the app developer if the tracker detects that a user has uninstalled the app,” he explains. “While the app won’t be able to track you or collect your data any longer, you may notice advertisements popping up all over the place on your phone for the app you deleted, attempting to entice you to download it again.”
10
/
13
Children’s apps
We love our kids, and our kids love our phones. And there can be times when allowing them to play a game can be an incredibly helpful distraction. But you should “be very cautious about children’s games and apps that have little or no reviews,” says Barlow. With children’s apps in particular, “be wary of anything that stores video and audio content. This stuff lasts forever.”
11
/
13
Dating apps
Dating apps are notorious data collectors. Think about it: They get names, email addresses, phone numbers, employment info and even whether you own a pet! That’s way beyond the obvious location and age data, and it’s a lot of personal information that could be weaponized against you, according to privacy advocates.
In late 2025, a European privacy-advocate group filed suit against Grindr alleging it violated EU privacy laws, and on this side of the pond, there have been numerous high-profile breaches and complaints. In 2024, the women’s dating app Tea had a breach in which 72,000 images were stolen from the platform. And in early 2026, the security group Cybernews found major breaches in apps that cater to the LGBTQ+ and other minority communities, exposing more than 1.5 million photos and leaked API keys, passwords or encryption keys.
12
/
13
Ring doorbell app
Ring doorbell users think that they’re the spies, but the app does even more lurking on their phones. An investigation by the Electronic Frontier Foundation found that the Android app is packed with third-party trackers that collect names, IP addresses, mobile network carriers, persistent identifiers and sensor data and share them with four marketing and analytics companies. And in late 2025, Ring launched new facial-recognition software that has privacy advocates on edge.
13
/
13
How to combat apps that spy on you
Unfortunately, all apps come with some degree of risk. Salisbury recommends reviewing permissions, disabling location services when possible—though some apps won’t work without your location—and turning off geotagging for pictures.
“With this location and geotagging data, marketers and perhaps less savory people can build a pretty decent profile of where you’ve gone and when,” Salisbury says, adding that the privacy implications of this activity should be obvious. “Disable permissions if you aren’t comfortable with the app having that kind of access to your phone data or can’t think of a reason why that app needs that permission,” he adds. “If it’s not an option to disable the permission, uninstall the app.”
About the experts
|
Why trust us
Reader’s Digest has published hundreds of articles on personal technology, arming readers with the knowledge to protect themselves against cybersecurity threats and internet scams as well as revealing the best tips, tricks and shortcuts for computers, cellphones, apps, texting, social media and more. For this piece on apps that spy on you, Leah Campbell tapped her experience as a tech reporter to ensure that all information is accurate and offers the best possible advice to readers. We rely on credentialed experts with personal experience and know-how as well as primary sources including tech companies, professional organizations and academic institutions. We verify all facts and data and revisit them over time to ensure they remain accurate and up to date. Read more about our team, our contributors and our editorial policies.
Sources:
- Caleb Barlow, cybersecurity expert with Charlesbank Capital Partners
- Raffi Jafari, co-founder and creative director of Caveni Digital Solutions
- Shayne Sherman, former executive at TechLoris and current marketing manager at Outdoor Warranty
- Michael Covington, vice president of portfolio strategy at Jamf
- Dave Salisbury, senior fellow at the University of Dayton Center for Cybersecurity and Data Intelligence
- Attila Tomaschek, digital privacy expert at CNET
- Harold Li, vice president of ExpressVPN
