Good for your wallet but not for your privacy: 60% of 20 popular budgeting apps share your data

Sure, you might be smart with your money, but are you smart with your privacy? According to a survey commissioned by Forbes Advisor, most people get their financial advice from social media and 51% of them say that advice involves budgeting.¹ Another recent survey revealed that 75% of smartphone users have used at least one budgeting app.² This comes as no surprise as these apps are a favorite solution for so many financial “gurus” on social media. 

While this may be sound advice for those looking to be responsible with their finances, it might not be the best option for those also trying to be responsible with their data. To find out if this budgeting tip comes with privacy pitfalls, our research team analyzed the privacy practices³ of 20 popular budgeting apps for Android. With some of these apps being recommended by influencers across multiple platforms, we looked at whether they hold up from a data privacy standpoint.  

Key insights:

• Nearly one-third of data collected by these apps is shared with third parties. 
• 1 in 4 of the budgeting apps share your financial information with third parties. 
• 60% of investigated apps shared at least some data with third parties.
• On average, investigated apps collect over 9 data points each.
• The most data-hungry app collects 22 data points (out of a possible 38). 
• More popular apps collect more data—those with over 5M downloads collect 12.3 data points on average while those with fewer than 5M collect 7.6.
• Apps that do share user data with third parties share 5 data points on average.
• The investigated apps ask for an average of 11 permissions.
• Some apps request access to users’ calendars, Bluetooth settings, and contacts, all of which could have serious privacy and security implications. 

How much data are you trading for easier budgeting?

The fact that apps collect your data likely isn’t news, but it also might not tell you much. To fully understand the effect these budgeting apps can have on your data privacy and security, it’s also important to know how much and what kind of data they collect. This is the first thing our researchers looked at. 

The applications’ full names are available in the research materials via the public dataset.

The Google Play Store defines 38 data points that can be collected. Our research shows that, out of those 38 possible data points, the budgeting apps in our data set collect an average of 9 per app. While the average number of data points collected isn’t extraordinary, the types of data they collect are more noteworthy. The budgeting apps we analyzed collect user data that fall into 12 out of a possible 14 categories. The only two data categories these budgeting apps don’t seem to be interested in are Health and fitness and Web browsing. 

To better understand what kind of data these budgeting apps are interested in, we looked at which categories the data they collect represent and how many instances of their collection were recorded. 

Here are the top findings: 

1. Personal information (names, email addresses, etc.) was collected 51 times. 
2. Financial information (credit score, payment history, etc.) was collected 31 times.
3. App info and performance (crash logs, app performance information, etc.) was collected 29 times.
4. App activity (user-generated content, other installed apps, etc.) was collected 21 times. 

Some specific user data points also stood out, with only six data points making up one-third of all the data collected by the budgeting apps we analyzed. The most desired was user email addresses, with 75% of analyzed apps collecting this data point. Not far behind came device or other IDs, with  70% of apps collecting them, and user IDs, purchase history, and app interactions with 65% of apps collecting each. 

Three apps also stood out in terms of how much user data they collect. Mobills: Budget Planner collects the highest amount of data points at 22 and, on the other end of the spectrum, Expense IQ Money Manager and Bluecoins Finance & Budget declare that they collect no user data at all. 

Nearly one-third of collected data points are shared with third parties

The implications for your privacy do not end with data collection. The Google Play Store requires app publishers to disclose how they handle user data, including which collected data can be shared with “other companies or organizations.”⁴ 

12 out of 20 investigated apps shared at least some data with third parties. In fact, those that share data make available an average of 5 data points to third parties. Notably, apps that share at least one data point with third parties tend to collect an average of 12 data points from their users, while those that don’t share data collect an average of 6. This indicates that more data-hungry apps may also be more “generous” when it comes to sharing. 

The data categories most frequently shared by the apps we analyzed include:

1. Device or other IDs (including only a single data point by the same name), shared by 9 out of the 20 apps.
2. App activity (including App interactions and Other actions), shared by 8 apps.
3. App info and performance (including crash logs and diagnostics), shared by 8 apps each. 
4. Personal info (including phone numbers and names), shared by 7 apps.

The most “generous” app when it came to sharing data was NerdWallet: Manage Your Money, sharing 14 data points from 6 categories (including things like the users’ name, phone number, and purchase history) with third parties. 5 out of these 14 shared points are categorized as Personal info. Interestingly, the app admits to sharing more data than it declares to collect in the Google Play data safety section.

EveryDollar: Budget Tracker also shares data from 6 categories, but the number of unique data points made available to other companies is slightly lower at 11. It shares 3 data points from App info and performance and 3 from Personal info, including users’ names and email addresses. 

Of the apps that collect your financial information, 5 also share that data with third parties. NerdWallet discloses that they may share your credit score, for example. Other apps share things like User payment info (shared by 2 apps – Wallet: Budget Expense Tracker, Mobills: Budget Planner), Purchase history (shared by 4 apps – Wallet: Budget Expense Tracker, Money manager & expenses, EveryDollar: Budget Tracker, NerdWallet: Manage Your Money) and Other financial info (shared by 2 apps – Wallet: Budget Expense Tracker, NerdWallet: Manage Your Money).

We also took a look at whether the developers allow their users to request the removal of collected data. We found that 18 out of the 20 budgeting apps do claim to make user data deletion available. One of the two apps that did not claim to allow removal, Bluecoins Finance & Budget, also says they don’t collect data. The other app that doesn’t empower their users to delete their information is Spending Tracker, which collects 5 data points. 

While most of the budgeting apps do allow data removal, it remains unclear whether that user data would also be removed from third parties, given that 11 of the 18 apps do share some data. Typically, third parties should be informed of the user’s request, but whether this happens in practice is almost impossible to know. As every additional party that has access to your data increases the risk of privacy and security issues such as data breaches or misuse, this has implications for your ability to exercise control over your data.

What permissions do you give these budgeting apps?

The final variable that our researchers looked at was the permissions the 20 budgeting apps request. Permissions give apps access to parts of your device, which they may also share, depending on whether they use ad libraries.⁵ 

The applications’ full names are available in the research materials via the public dataset.

We found that, on average, the investigated apps request 11 permissions each. However, the actual number of permissions varied greatly among the apps. In our sample, Wallet: Budget Expense Tracker asks for the most permissions at 18, and Monefy – Budget & Expenses asks for the fewest at 6 permissions.

While some of the requested permissions are obviously essential to the functioning of the apps, there were a couple of permissions that stood out as concerning:

• Read calendar events plus confidential information, asked for by one of the popular budgeting apps, Mint: Budget & Track Bills. Calendar events contain locations, names, and contact information. Mint also asks for the add or modify calendar events and send email to guests without owners’ knowledge permission.
• Read your contacts, asked for by 3 of the investigated apps. This permission, if granted, allows the app to read the contact information stored on your device. Notably, contact information not only includes numbers and names but also how frequently you’ve been in contact with each other.⁶ 
• Access Bluetooth settings, asked for by 2 of the investigated apps. This permission gives the budgeting app the ability to turn on your Bluetooth and connect to available devices. 

Overview of all the budgeting apps in the study

Budgeting apps can help keep your finances in order, but some come with some privacy risks as a tradeoff. It’s up to each user to decide if the number of data points collected and shared is worth it. As a general rule, you might ask yourself “if you wouldn’t share financial data with your friends, why would you share it with these companies?”

If you do decide to use a budgeting app, our research has found that some may be a better investment in your privacy than others.

A trend our researchers clearly observed in the sample of 20 budgeting apps we analyzed was that more popular apps were generally more data-hungry than less popular apps. The apps with over 5M downloads collected an average of 12.3 data points, compared to only 7.6 points collected by those with under 5M downloads. A similar, but less pronounced difference exists between the number of points shared by the most popular apps, at 3.7, and less popular apps, at 2.9 points. 

While all the apps available on the Google Play Store provide information on what data they collect and share, it can be difficult to determine which ones generally offer more privacy. One app may collect a lot of data points, for example, but share only a few, while another may collect no data but share a lot. 

To help determine how these apps compare in terms of privacy, our researchers devised a point system. Since collection means your data goes to one company, each data point collected is worth one point. Since sharing means that your data goes to at least two companies, each data point shared is worth two points. Tallying up the total points allowed us to come up with a list of the least and most private budgeting apps from among our data set of 20. 

Least private:

1. NerdWallet: Manage Your Money
2. EveryDollar: Budget Tracker
3. Money Lover – Spending Manager, Mobills: Budget Planner (two apps tied for 3rd)
4. Wallet: Budget Expense Tracker

Most private:

1. Expense IQ Money Manager
2. Bluecoins Finance & Budget
3. Budget planner—Expense tracker
4. Mint: Budget & Track Bills
5. AndroMoney ( Expense Track ), Bills Reminder, Budget Planner (two apps tied for 5th)

Methodology

Incogni’s researchers sought out and made a list of 20 popular budgeting apps on the Google Play Store that were recommended on social media, blogs, and articles around the web. They then collected three main types of information about these apps as made available on their respective Google Play pages: 

1. What user data is collected;
2. What user data is shared with third parties;
3. What permissions are requested by the apps.

The analysis was focused on comparing apps with each other and dataset averages across the collected data types. 

Data collection took place between July 17, 2023 and July 18, 2023.

Note on data:

As of data collection, one app, NerdWallet: Manage Your Money, claims to share more data points than it collects. While the exact reason for this is unavailable to Incogni’s researchers, it could be caused by either the user data being collected by third parties without it ever reaching the developers or an error in filling out the data safety section. 

The data used in this research is available here: Public dataset

Sources

1. Egan, John. “How Adults Are Getting Financial Advice From Social Media.” Forbes Advisor. Accessed September 8, 2023. https://www.forbes.com/advisor/investing/financial-advisor/adults-financial-advice-social-media/.
2. FactMR. “Personal Finance Mobile App Market Outlook.” Accessed September 8, 2023. https://www.factmr.com/report/personal-finance-mobile-app-market.
3. Google Play Store. Google Play. Accessed September 8, 2023. https://play.google.com/store/apps?hl=en_US&gl=US.
4. Google. “Data safety on Google Play.” Google Play Support. Accessed September 8, 2023. https://support.google.com/googleplay/answer/11416267?hl=en&visit_id=638259545896114421-3495716743&p=data-safety&rd=1.
5. Morelli, Federico. “Stop Before You Shop – Are Your Shopping Apps Sharing Access to Your Device?” Incogni Blog. Accessed September 8, 2023. https://blog.incogni.com/shopping-apps-research/.
6. IzzySoft. “Android Permissions List.” IzzySoft. Accessed September 8, 2023. https://android.izzysoft.de/applists/perms?lang=en.