If These Apps Are Still on Your Phone, Someone May Be Spying on You

Meta (Facebook & Instagram)

No surprise: Meta is at the top of the list of apps that spy on you. The company that owns popular social media apps Facebook and Instagram (and their companion apps, like Meta Messenger) has ready access to the information of hundreds of millions of people who use these services, and it isn’t shy about collecting it.

Meta harvests enormous quantities of data about us, Ruiz says, “including decisions we make away from the apps and services.” (That means it can see what you’re doing even when you’re not using their apps.) Meta tracks browsing activity, ad interactions and location data, then uses this data to build a profile for each user, which it then uses to serve ads. Ad personalization controls are available, but they’re buried in the account settings, so you’ll have to dig around to find them.

“Many folks shrug off the dangers of targeted advertising because, for most people, an annoying ad is just that—an annoyance,” Ruiz adds. “But on rare occasions, an annoying ad can be dangerous.” He cites one instance in 2022, where Facebook was caught serving ads for unproven cancer treatments to users who had shown an interest in the disease. “There are many words to describe this advertising machinery, and none of them are good.” The company also had to pay a $5 billion fee levied by the Federal Trade Commission (FTC) in 2019—the largest penalty ever for privacy violations.

TikTok

TikTok is another popular free social media app that collects user data and uses it to serve ads. If you’ve found yourself “ doomscrolling ” for longer than you should be, you’ve certainly noticed advertisements on the short-form video platform (which are often disguised as regular videos).

These ads, while frequent and sometimes annoying, are easy enough to scroll past. But as with Facebook and Instagram, TikTok compiles your data to build a profile it uses to show you ads for things the algorithm thinks you’re likely to buy. And as with the Meta apps, you can limit, but not completely disable, these personalized ads.

TikTok’s privacy policy also allows for the collection of biometric identifiers, such as facial scans and voiceprints, in some jurisdictions. And it gets worse: In 2022, employees of ByteDance, TikTok’s parent company, improperly accessed the account data of U.S. journalists. The employees were fired, but the incident raised red flags about the safety of using the short-form video platform.

And that’s not the first time ByteDance ran into trouble. In 2019, the FTC issued the company a $5.7 million fine for violating the Children’s Online Privacy Protection Act when the app Musical.ly (which was later merged with TikTok) collected personal data of children under the age of 13.

Google

Google is another top offender on the list of apps that spy on you, not because it’s especially invasive, but because so many software platforms exist within the company’s ecosystem. Google Search, Gmail, Google Docs, YouTube, Maps, Chrome, Gemini and even entire operating systems (Android and ChromeOS) fall under the multi-colored Google umbrella. Rare is the person who doesn’t use at least one of these tools on a regular basis.

“Depending on your reliance on Google services, the company could know everything from your location history to your home address to your late-night searches for concerning medical symptoms,” Ruiz says. Not only does every Google app collect extensive data, but the data is aggregated across Google-owned apps and platforms.

Using Chrome’s incognito mode provides some protection, but it doesn’t eliminate tracking entirely, especially if you use it to log into personal accounts like Gmail or YouTube. You can disable location history in Maps and Web & App Activity, but these account settings are buried and must be disabled manually (they’re enabled by default).

Even these precautions aren’t a guarantee: In 2018, an AP investigation revealed that Google tracked user information even with location history disabled. Years later, in 2022, Alphabet (Google’s parent company) was forced to pay a $391.5 million multi-state settlement for deceptive practices relating to location tracking.

Amazon

Most people hear Amazon and think of online shopping. But like Google, Amazon has many apps and services under its umbrella. And while Amazon’s software ecosystem isn’t as broad as Google’s, its shopping platform is used by people worldwide (does anybody not shop on Amazon?).

Tracking searches and purchases is to be expected from a shopping app, but a bigger concern is hardware: Amazon has carved out a large (and growing) presence in the consumer electronics market, and today, you can find popular Amazon devices like Alexa-powered Echo smart speakers and displays in millions of homes. These devices can collect and store your voice recordings—including ones unrelated to your use of an Alexa-powered device. This has even resulted in legal actions: In 2023, Amazon agreed to pay a $25 million settlement to the FTC over the collection of voice recordings of children.

Amazon has also acquired a number of other smart home brands, including Ring and Blink, which make security devices such as video doorbells and cameras , raising additional questions about potential privacy abuse, such as whether law enforcement can access video recordings without the device owner’s permission.

Warden notes that, from a legal perspective, this practice is “generally viewed as violating the 4th amendment rights protecting unreasonable searches.” However, Ring has allowed law enforcement access to camera recordings without warrants before. That policy has since been revised, but concerns over privacy continue. “Also, don’t forget, the U.S. has no national data privacy law in place, unlike the EU,” Warden says.

Weather apps

You might be surprised to see weather services on a list of apps that spy on you. But in order to track the weather, apps like The Weather Channel and AccuWeather need to also track your location via your phone’s built-in GPS. And, like many other “free” apps, these aren’t exempt from serving you ads. “Most apps make their money by monetizing data collected from you and/or devices instead of from the sale of the app,” Warden reminds us.

On the surface, your geographic location might seem harmless. But GPS location data is both precise and potentially sensitive. It can reveal your home address, where you work and even your daily habits and routines. Furthermore, many weather apps make money by using location-based advertising, such as by showing you ads for businesses in your area.

Even if you never tap any of those ads, weather apps can still sell your data to third-party brokers, and they’ve been caught doing just that. In 2019, the city of Los Angeles sued The Weather Channel, alleging that the mobile app was collecting user location data for things other than weather forecasts.

Another incident was similar to the Google situation: Researchers found the AccuWeather app was gathering location data even when the user had disabled it. The app then transmitted this data to a third-party firm for monetization purposes. The takeaway: Be careful what apps you give GPS access to, and don’t assume that disabling it will keep your location private.

Snapchat

Snapchat, like TikTok, is very popular among the younger crowd. And, like TikTok, it’s fallen into hot water over its handling of user information. Features like Snap Map track your location, although users must opt into this, and as a video-centric platform, Snapchat uses biometrics (specifically, facial recognition) for certain creative tools, like face filters.

These might seem mostly harmless, but remember: Snapchat is a free app, and the company that owns it has to make money somehow. One way they do it is by tracking usage and engagement metrics, using this data to serve personalized ads in a similar fashion to other social apps like TikTok, Facebook and Instagram.

Its parent company, Snap, Inc., settled with the FTC in 2014 for misrepresenting its “disappearing messages” feature and for a data breach that compromised the data of more than 4 million users. And while that was more than a decade ago, Snapchat more recently ran afoul of biometric privacy laws in Illinois. A 2022 lawsuit alleged that Snapchat did not gain consent to collect users’ biometric data (in this case, facial recognition scans), and the company was forced to pay a $35 million settlement as a result.

Uber

The popular ride-hailing app Uber has all but replaced traditional taxi cab services in the minds (and phones) of many, and it’s not hard to see why. But because it relies on knowing your geographic location and where you want to go, Uber naturally collects quite a bit of data about your travels. It can even track your precise location even when you’re not using the app (if you don’t restrict these permissions) and also collects information regarding your trips, contacts (if given permission) and the device you’re using.

Some degree of data collection is to be expected with an app like Uber, but what’s concerning is their history of data breaches. In 2016, hackers gained illicit access to the user data of 57 million riders and drivers . To make matters worse, Uber tried to cover up the breach, which resulted in obstruction of justice charges being filed against the company and a $148 million fine paid to the FTC.

Another incident occurred in 2022, when a hacker used social engineering tactics to gain access to Uber’s internal network. Fortunately, no sensitive user data was compromised in the breach, but it nonetheless constituted a major security lapse.

X

X, formerly Twitter, is a text-centric platform, but it’s not without its share of privacy concerns, data breaches and—you guessed it—FTC settlements. Although perhaps not as invasive as apps like Facebook or Instagram, X still collects behavior and device data used to curate feeds (particularly the “For You” pages), and it also includes ads.

You can turn off ad personalization if you dig into the settings, and users also have the option of getting rid of ads altogether with a paid Premium+ subscription. Just be aware that this doesn’t stop the app from tracking you in other ways. It also doesn’t make you immune to hacks and data breaches, which have struck the app a few times. One notable example occurred in 2020. Hackers gained access to dozens of high-profile Twitter accounts, then used these profiles to promote a cryptocurrency scam.

In 2022, Twitter was hit with a $150 million penalty by the FTC for deceptively using data to push targeted ads. The following year, cybercriminals exploited a vulnerability and gained access to the email addresses of more than 200 million Twitter users. Although no passwords were compromised, it highlights the risks of giving any personal information to an app, because even the biggest ones aren’t immune to hackers.

LinkedIn

LinkedIn is basically “Facebook for professionals,” but this work-focused community platform carries the same risks and tracks much of the same data as any other social media app. As you’d expect from a professional networking and employment app, LinkedIn collects detailed user data like employment history and contacts, along with location data.

LinkedIn also tracks browsing activity and job searches done on the platform, as well as across partner sites, thanks to tracking cookies on your device. You can restrict some of this data sharing, but you’ll have to poke around in the privacy options in your account settings menu.

The website’s suit-and-tie reputation hasn’t gone untarnished by data breaches, either. In 2021, hackers gained access to a slew of personal information for more than 700 million LinkedIn users, and this data ended up for sale on the dark web. As with the Twitter hack, no passwords were compromised, but there’s a lot that bad actors can do with just an email , not to mention other tidbits like phone numbers, physical addresses and geolocation history, which were also compromised in the attack.

Words With Friends and other mobile games

Surely those harmless mobile games aren’t harvesting your data, right? Think again: Many popular free game apps, like Fruit Ninja and Candy Crush, carry hidden costs. These games can identify your device, collect location data, track your behavior and build unique profiles in order to serve you in-app advertisements.

Those ads might be easy enough to ignore or swipe past after a few seconds, but your data is still being collected and shared with third-party ad networks. You generally can’t opt out of this third-party tracking in the game’s settings, but your operating system might allow you to limit or disable ad tracking in your device’s settings.

Furthermore, social games like Words With Friends can gain access to your contacts list, which is usually required for you to invite others to play. Data breaches can happen here too. In 2019, Zynga, the parent company that owns Words With Friends, disclosed a data breach that affected more than 200 million players. This data breach included user passwords, again underlining the dangers of blindly trusting these seemingly harmless apps with your information.

How to stop apps from tracking you

The unfortunate reality is that, as long as you want to use these mobile apps, you have to abide by their terms and conditions—and that usually means accepting some degree of tracking. “Spying usually infers that a system or individual is gathering intelligence without the knowledge or consent of the target individual or entity,” Warden says. “The reality is that users consent, often without their implicit knowledge, simply by using an app.”

Nevertheless, here are some tips and tricks you can use to limit unnecessary tracking :

Control app permissions

One of the most important things you can do is pay attention to what’s happening when you’re installing an app in the first place. Don’t blindly hit “accept” when an app asks for permission. Most apps shouldn’t need constant 24/7 access to your geographic location data, for instance.

“Beware of apps that ask for unnecessary permissions such as your contacts, precise location, Bluetooth scanning and access to your photo library,” advises Warden. “The last two provide extremely rich metadata that can be used by data companies to paint a complete picture of what you do and where you do it.”

Audit your app permissions

Warden says that device owners “should perform monthly audits on the permissions applications are using,” so check the permissions of apps you’ve already installed, and adjust them as necessary.

You can do this in the settings app on your smartphone or other device, in either the privacy and security menu or app-by-app in the apps menu. Take a few minutes go through all installed apps and see which services they are accessing. You might be surprised to see apps collecting data that they shouldn’t be, and you can disable that here.

Additionally, you should go into the settings menu of your most-used apps (especially the ones on this list) and turn off things like personalized advertising, if possible. Although it won’t eliminate tracking altogether, it can limit the amount of data your apps collect and share with third parties.

Disable or limit personalized ads on your device

Along with restricting app permissions, you can further limit tracking within your device’s operating system. Here’s how:

On iPhone

1. Open the Settings app, then select Privacy & Security

2. Select Tracking

3. Toggle off Allow Apps to Request to Track

On Android (exact steps may vary by device)

1. Open the Settings app, then select Google

2. Select All Services

3. Under Privacy & Security select Ads

4. Select Ads Privacy

5. Toggle off all ad permissions

Note that you can also disable location services entirely in your phone’s privacy settings, but this may make some app features non-functional or prevent you from using the apps altogether. Instead, we recommend setting location data permissions (as well as things like camera and microphone access) to when the app is in use.

Why trust us

Reader’s Digest has published hundreds of articles on personal technology, arming readers with the knowledge to protect themselves against cybersecurity threats and internet scams as well as revealing the best tips, tricks and shortcuts for computers, cellphones, apps, texting, social media and more. For this piece, Lucas Coll tapped his experience as a tech journalist to ensure that all information is accurate and offers the best possible advice to readers. We rely on credentialed experts with personal experience and know-how as well as primary sources including tech companies, professional organizations and academic institutions. We verify all facts and data and revisit them over time to ensure they remain accurate and up to date. Read more about our team , our contributors and our editorial policies .

Sources:

• Don Warden II, cybersecurity expert and president of Cyber Pros LLC ; interviewed, February 2026

• David Ruiz, senior privacy advocate for Malwarebytes ; interviewed, February 2026

• FTC : “FTC Imposes $5 Billion Penalty and Sweeping New Privacy Restrictions on Facebook”

• MIT Technology Review : “Facebook is bombarding cancer patients with ads for unproven treatments”

• CNN : “TikTok confirms that journalists’ data was accessed by employees of its parent company”

• Associated Press : “AP Exclusive: Google tracks your movements, like it or not”

• FTC : “FTC and DOJ Charge Amazon with Violating Children’s Privacy Law by Keeping Kids’ Alexa Voice Recordings Forever and Undermining Parents’ Deletion Requests”

• Guardian : “’Tracking every place you go’: Weather Channel app accused of selling user data”

• FTC : “FTC Charges Twitter with Deceptively Using Account Security Data to Sell Targeted Ads”

• BBC : “Uber concealed huge data breach”

• Reviews.org : “Cell Phone Usage Stats 2026”