Dating and social apps know who you’d vote for

Incogni’s researchers analyzed data from the most popular apps on the Google Play Store across 36 categories, based on AppMagic’s 2024 rankings. The study examined how much and what types of personal data these apps collect, with a strong focus, in the face of the upcoming US elections, on data revealing political affiliations. 

Americans may disclose sensitive data, such as their political beliefs, via social media, by contributing to campaigns, or by using apps and services that collect it. This data can then end up on data broker databases and be sold on to organizations or individuals for different purposes, including violence, intimidation, and manipulation.

Data has been exploited during elections before: the Russian firm Internet Research Agency, for example, launched a wide-scale campaign to disenfranchise black Americans in 2016. 

With this in mind, we investigated which apps collect and share information about users’ political beliefs with third parties.

Key insights

• Dating apps are the most data-hungry, collecting an average of almost 15 data points, followed by Shopping apps, which collect an average of 13 data points. 
• A total of 74 apps collect and sometimes share political or religious beliefs, most of these are dating apps, with 59 of them collecting this information and 15 also sharing it with third parties.
• Among other apps collecting data on political or religious beliefs are 7 Social apps; 6 Medical apps; and 2 each of Books & Reference, Business, and Finance apps. 
• Most of the apps collecting political and religious beliefs, including Facebook, Messenger, Bumble, Hinge, Badoo, and many Dating apps, disclose questionable purposes for collecting this information such as app functionality or analytics.
• Some dating apps, such as Match Dating App: Chat & Meet, Ourtime Date, Meet 50+ Singles, BLK Dating: Meet Black Singles, and eDate: Spin A Date, indicate that political and religious beliefs help with developers’ communications, which also seems excessive.
• If a user chooses to disclose this information, it may end up in the hands of an unauthorized entity, especially when 21% of apps collecting this data point share it with third parties.

The most data-hungry categories

We found that the 3,466 apps we analyzed (comprising 3,462 unique apps—some being repeated across different categories) collect an average of 8 data points and share an average of 3. Breaking this down by the 36 categories outlined by AppMagic, some differences, and certain tendencies, started to emerge. 

Dating apps collect the most data points, followed by Shopping, Watch, and Social apps. 

In terms of sharing user data with third parties, the Shopping category leads the pack, followed by Finance and Food & Drink apps. 

It should be noted, however, that while some categories clearly stand out for collecting or sharing the most data, there may be significant variation between apps within the same category. For example, 75 (out of 93) dating apps collect fewer than 20 data points, meaning that users have the opportunity to seek out less data-hungry alternatives to meet their needs. 

Political and religious beliefs

What really stood out to our researchers was the number and sensitivity of data points collected and shared for advertising, especially those revealing political affiliations.

A total of 74 apps collect and sometimes share political or religious beliefs. More specifically, 59 collect this information but do not share it, while 15 collect and share it. 

Of the 74 apps collecting political and religious beliefs, 47 are Dating apps; 7 Social apps; 6 Medical apps; 2 each of Books & Reference, Business, and Finance apps; and 1 each of Communication, Entertainment, Events, Health & Fitness, Lifestyle, Parenting, Shopping, and Watch Faces apps. It’s worth noting that some apps that are categorized as Social apps are, in fact, Dating apps, which only emphasizes the generally intrusive nature of this category.

Most of the apps collecting political and religious beliefs, including Facebook, Messenger, Bumble, Hinge, Badoo, and other Dating apps, claim to do so for app functionality. This may raise some eyebrows, as it would mean collecting such data somehow helps developers improve the reliability, ease of use, and overall user experience.

Some apps, including Upward: Christian Dating App, YouVersion Bible App, or Receipt Hog: Cash for Receipts, collect this data point for analytics, which is normally used to track app visitors and measure app performance. Other apps use this data point for personalization, which makes sense in the case of social and dating apps, but is more than questionable for Health apps such as BetterHelp – Therapy or Finance apps such as Klover – Instant Cash Advance.

Some dating apps, such as Match Dating App: Chat & Meet, Ourtime Date, Meet 50+ Singles, BLK Dating: Meet Black Singles, and eDate: Spin A Date, indicate that political and religious beliefs help with developers’ communications, which also feels excessive.

Although most of the apps collecting political and religious beliefs make it optional, it’s still concerning to see the purposes the developers gave, especially considering how questionable so many of those purposes are. 

If a user consents to the collection of this information, there is always a chance that it may end up in the hands of an unauthorized entity. Many of the apps collecting political and religious beliefs, 15 out of 72 (21%),  share this data with third parties. Even if the app doesn’t share users’ political views, the information may still be exposed in a data breach, where sensitive information is stolen or leaked on the dark web.

Data incidents involving dating apps

Only 10 out of the 47 Dating apps collecting Political and religious beliefs also share this information. However, this doesn’t mean the data the remaining 37 apps hold will never reach third parties. Data breaches occur, and the more places data can be found, the higher the risk of exposure. 

Our previous research on dating apps included security incidents some of the most popular dating apps have suffered over the years, often exposing highly sensitive information. 

Those incidents include:

• Bumble had an exposed, unsecured database that was vulnerable to public access for at least seven months. While no evidence suggests that user data was accessed before the issue was resolved, personal details like physical attributes, location, and educational background were left unprotected.
• Tinder experienced a breach in late 2019 when approximately 16,000 user profiles had their images scraped and shared on a cybercrime forum. In total, around 70,000 photos were collected and distributed online.
• In 2019, Coffee Meets Bagel reported that unauthorized access to user data had occurred. Although details remain unclear, the company stated that no sensitive information was compromised in the breach.
• Facebook, though not specifically its dating platform, has faced numerous incidents involving data security, some of which led to fines for mishandling user information. A significant breach occurred between 2018 and 2019 when user data was accessed and later leaked in 2021.
• In 2019, a white-hat hacker notified Plenty of Fish that certain data marked as “hidden” could be viewed by other users on the platform. This data potentially included sensitive details like ZIP codes, although there is no confirmation that malicious parties exploited the vulnerability.

Conclusions

The results of this research highlight the complex and sometimes unsettling reality of how apps handle user data. While it’s common knowledge that most apps collect and share some data, it’s important for users to understand that it’s not just innocuous technical information like crash logs that are being harvested. 

Apps often share far more sensitive data, such as voice recordings, sexual orientation, and political and religious beliefs. All of which pose a much greater risk to user privacy and security.

In light of the extremely polarized political climate in the US, and the upcoming elections, many individuals may wish to keep their beliefs (and other sensitive information) private. Exposure of such data may even pose risks to the democratic electoral system, as it has in the past. 

Ultimately, this research highlights the need for greater transparency and accountability in how apps handle personal information as well as improved privacy regulations that better protect both individual and national interests.

Methodology

Incogni researchers sought out the top 100 free apps across 36 categories in the US based on AppMagic’s rankings for 2024. In this study, we skipped over an additional dozen categories which were children-focused as well as some game categories, instead just keeping the main Games and Children categories and ignoring the sub-categories. 

Upon identifying the most popular apps in the 36 categories, we sought them out on the Google Play Store. Data collection and sharing policies were accessed October 18 – 21, 2024.

Notes on data:

We found that around 5 apps had appeared in several categories, thus we had fewer unique apps than the expected 3,600. 

Secondly, not all app names and developers listed on App Magic had an equivalent match on the Google Play Store. In turn, we used the app ID (as provided on AppMagic’s rankings) to determine which apps to collect information for. 

Furthermore, approximately 100 apps identified as being amongst the top 100 across the 36 investigated categories could not be found on the Google Play Store. 

The data used in this research is available here: Public dataset.

Sources

1. AppMagic. “Top Charts: Apps – 2024.” Accessed October 21, 2024. https://appmagic.rocks/top-charts/apps?date=2024-01-01&aggregation=year&store=1&tag=&country=US. 
2. Hsu, Tiffany. “Russia’s IRA Targeted Black Americans to Spread Mistrust and Chaos.” Wired. October 9, 2023. https://www.wired.com/story/russia-ira-target-black-americans/. 
3. Incogni. “Dating Apps Privacy Research.” Incogni Blog. Accessed October 22, 2024. https://blog.incogni.com/dating-apps-privacy-research/.