Top 200 iOS Apps

As a person obsessed with providing people with resources to understanding online privacy, I decided to track and score the 200 most popular apps on iPhone, and track their privacy policies.  Here's part of the blurb I wrote for the website (alongside some additional insights I gathered from this data).

Using the categories that Apple provides developers to fill out when submitting apps, we have a good collection to get an idea of what data could be collected. Now, it’s worth noting that not all the data is collected within each category, and sometimes the data will be anatomized, so here are the rules I set:

1. If data is collected, but it is not linked to you, it does not count, as it’s not a risk to you.
2. If data is collected, and the category is both linked to you and not linked to you, it will count, as part of it is a risk to you.
3. If data is collected, and it is linked to you, it will count, as it is a risk to you.
   

It’s also worth pointing out that not all data has the same amount of risk. For example, diagnostic data is really helpful for developers to understand why an app might be acting up, but if they experienced a data breach, that data wouldn’t be beneficial to outside sources, so it’s low risk. On the other hand, sensitive data contains anything within this description from Apple:

“Such as racial or ethnic data, sexual orientation, pregnancy or childbirth information, disability, religious or philosophical beliefs, trade union membership, political opinion, genetic information, or biometric data.”

That data is far riskier, it could be sold to advertisers to make a profile on you, it could be used against you in a plethora of ways, and it's generally far riskier than most other types of data.

Because of the variety, I have added weights to certain categories. The lower the number, the lower the risk to your personal data. Now again, these categories might contain only part of the criteria from the full description, but to keep things simple, we will just count the entire category, and not the individual criteria.

I also want to talk about the "Other Data" category. This one is weird, because it could be stuff related to a hardware accessory that might not qualify data from the app itself. For example, the Ring doorbell isn't technically collecting user content, because the content isn't from your phone, it's from their hardware, so the "Other Data" category is used. I struggled to come up with a reasonable middle ground weight for this, so I landed on 3, because it can be fine, and it can also be pretty bad.

Here is a link to the page that contains the list: https://rejectconvenience.com/200-apps/

The scale here is 1-10, and you can also see these categories by searching for the app within the App Store and scrolling down to the privacy section. If you click into it, it will give you some more detail. Another helpful resource is Apple's own Privacy Definitions and Examples page, linked here: https://apps.apple.com/us/story/id1539235847

Here is also the forum post if you'd like to add to the discussion: https://rejectconvenience.com/forum/viewtopic.php?p=208

Some fun insights I found:

• There are only 5 apps in the top 200 free apps that do not collect or link data to you
• There are only 5 apps in the top 50 most downloaded free apps that have not had a data breach
• Of those 5 apps, 3 did not exist 2 years ago
• The worst scored paid app for privacy collects 3 times less data than the worst scored free app
• The worst scored free apps are all from Meta (go figure)
• Out of the first 100 most downloaded free apps, only one does not collect or link data to you
• There are 107 worse scored free apps than the worst paid app (in the list)