The recent warning that Meta and Yandex have been secretly tracking billions of phones is a stark reminder that your most sensitive data is at risk. That loophole will now close, as others will be found. Let’s not forget Google itself was caught doing broadly the same.
It’s now four years since Apple’s game-changing App Privacy Labels exposed the sheer extent of data harvesting targeting iPhone users, with the assumption that Android must be even worse. I covered that extensively at the time, and it was clear then — as it is now — that when you’re not paying for a product, you are the product.
Multiple reports since have highlighted that permission abuse is still rife, with apps requesting access to data and functions they do not need to deliver the features of the app itself. This is data monetization, pure and simple, your data monetization.
Now the researchers at Apteco have revisited Apple’s privacy labels to find out “who’s collecting most of your data” in 2025. The study focused specifically on ‘Data linked to you,’ as this is the type of data that ties directly back to your identity.”
Apteco’s key findings are unsurprising: “Social media apps are the most data hungry,” and the most collected personal data is “contact information (such as your name, phone number and home address).” But the range of harvested data goes far beyond that, as you can see from Apteco’s table reporting the data accessed during testing.
Apteco’s list “is dominated by social media… highlighting how important data collection is to these types of platforms in order to customize content to show things such as posts and friend suggestions [and] which build detailed social profiles.”
Apteco’s top-1o list is dominated by global brands with apps installed by hundreds of millions if not billions of users. This isn’t a call to delete those apps — albeit you should be aware of the data they’re collecting while running on your phone.
Instead, you should update the permissions granted to apps on this list, deciding if you want to give them blanket access to location and other sensitive data. You should also be aware that when you operate within the confines of an app, for example using its own browser, you are not protected by the usual web tracking defenses on your phone.
You don’t need to grant all the permissions requested, and you can limit those permissions that might be needed — such as location — to only apply when using the app or to manually request each time before sharing. You can also restrict location data such that it’s not precise and just gives a general idea of where you are.
Here are instructions for iPhone and Android on how to apply updates.
“The study highlights how extensive data collection has become across a huge variety of apps,” Apteco says. “The sheer scale of data collected highlights why understanding and managing app permissions and data policies is increasingly important for users [who] need to be aware of how to actively manage app permissions and data policies.”