App privacy
According to the 2025 App Privacy Index, a worrying 75% of the most popular free apps on the Apple App Store are collecting excessive user data.

An increasing number of top free apps are secretly monitoring their users, with three in every four applications tracking user data without consent.

A recent study has shed light on the most invasive apps of 2025, revealing that Facebook Messenger, Pinterest and Lyft are the worst offenders when it comes to compromising user privacy. But what exactly are they tracking, and what can you do to protect yourself?

A team of researchers at Tenscope, the company behind the 2025 App Privacy Index, meticulously examined 100 of the most popular free applications in the US. Their goal was to understand not only what information these apps collect but also how their design influences people to share it.

The findings reveal a concerning pattern of 'deceptive design', characterised by complex interfaces and confusing wording that are used to obtain our most private information.

'Good design empowers users, but what we found is a landscape where design is often used to manipulate them', states Jovan Babovic, Creative Director and Co-founder of Tenscope. 'This report isn't just a list; it's a call for greater transparency and a guide for consumers to reclaim control of their digital identity.'

Key Discoveries

Tenscope's study of the 100 most popular US applications revealed several vital trends about the state of online privacy.

Tracking Is Widespread: A shocking three-quarters (75%) of the top 100 free apps gather information specifically to track people across other applications and websites for advertising.

Messenger Is The Main Offender: With a perfect score of 100 out of 100 on our index, Messenger from Meta is the most invasive app on our list. It gathers more than 20 times the weighted data of some of the most private apps we analysed.

Your Journey Is Being Monitored: It's not just social media applications. Lyft, the well-known ride-sharing app, was ranked the third worst for data privacy with a score of 69, collecting more information than the shopping giant Amazon and even Google Maps.

Privacy Is Achievable: Our research also found apps that provide excellent features while collecting very little data. Applications such as ParentSquare (with a score of 4) and Microsoft Edge (with a score of 11) demonstrate that it is possible to create a design that respects privacy.

The Most Invasive Apps of 2025

1. Messenger

Invasiveness Score: 100/100

2. Pinterest

Invasiveness Score: 72/100

3. Lyft

Invasiveness Score: 69/100

4. Amazon Shopping

Invasiveness Score: 68/100

5. DoorDash - Food Delivery

Invasiveness Score: 66/100

6. Duolingo

Invasiveness Score: 65/100

7. Google Maps

Invasiveness Score: 60/100

8. WhatsApp Messenger

Invasiveness Score: 60/100

9. DoorDash - Dasher

Invasiveness Score: 58/100

10. Expedia

Invasiveness Score: 58/100

The applications listed above were given the highest ratings by Tenscope, indicating that they demand the most intrusive and sensitive user permissions. The higher the score, the more significant the privacy risk to the user.

'The highest-scoring apps have one thing in common: their business model relies on knowing as much about you as possible', Babovic explains. 'The user experience is often crafted to normalise this exchange, making constant requests for your location, contacts and financial info feel like a necessary part of the service.'

The 10 'Most Private' Apps of 2025

1. TeaOnHer

Invasiveness Score: 0/100

2. ParentSquare

Invasiveness Score: 4/100

3. Tea

Invasiveness Score: 5/100

4. PowerSchool Mobile

Invasiveness Score: 6/100

5. Sleeper

Invasiveness Score: 7/100

6. Bible Chat

Invasiveness Score: 8/100

7. ReelShort

Invasiveness Score: 10/100

8. DramaBox

Invasiveness Score: 10/100

9. Claim

Invasiveness Score: 10/100

10. Microsoft Edge

Invasiveness Score: 11/100

In contrast, these apps provide excellent functionality while only requesting minimal access to sensitive user information. They set a standard for what a privacy-aware design can achieve.

'What this list proves is that data collection is a choice, not a necessity', Babovic adds. 'These companies have prioritised user trust by designing their platforms to function effectively without harvesting unnecessary information. It's a fundamentally different approach to user experience.'

Spotting Deceptive Design Patterns

Tenscope's research uncovered several common user interface tricks designed to pressure people into granting more permissions than is necessary.

'All or Nothing' Consent: This is when an app groups together multiple unrelated permissions into a single request. For example, a photo editing app might ask for access to your contacts and location at the same time it asks for your photos. This design forces you to accept everything in one go or lose the app's main features.

Vague and Just-in-Time Requests: Apps often wait until you are about to use a specific feature before asking for permission. For instance, a social media app might not request microphone access until you tap the 'record video' button for the first time. While this 'just-in-time' request seems reasonable in the moment, it gets you to grant permanent access for a one-off use.

The Hidden Settings Maze: Taking back permissions you've already granted is often deliberately made complicated. Privacy settings are often hidden deep within menus with confusing labels, discouraging people from managing their data after the initial setup.

The Complete 100-App Ranking

Presented here is the complete, ranked list from the 2025 App Privacy Index.

Messenger

Invasiveness Score: 100/100

Pinterest

Invasiveness Score: 72/100

Lyft

Invasiveness Score: 69/100

Amazon Shopping

Invasiveness Score: 68/100

DoorDash - Food Delivery

Invasiveness Score: 66/100

Duolingo

Invasiveness Score: 65/100

Google Maps

Invasiveness Score: 60/100

WhatsApp Messenger

Invasiveness Score: 60/100

DoorDash - Dasher

Invasiveness Score: 58/100

Expedia

Invasiveness Score: 58/100

Facebook

Invasiveness Score: 57/100

Instagram

Invasiveness Score: 57/100

PayPal

Invasiveness Score: 54/100

LinkedIn

Invasiveness Score: 54/100

Sam's Club

Invasiveness Score: 53/100

eBay

Invasiveness Score: 52/100

Gmail

Invasiveness Score: 52/100

Depop

Invasiveness Score: 51/100

Twitch

Invasiveness Score: 49/100

Airbnb

Invasiveness Score: 49/100

Google

Invasiveness Score: 48/100

Snapchat

Invasiveness Score: 47/100

Paramount+

Invasiveness Score: 47/100

Planet Fitness

Invasiveness Score: 47/100

Walmart

Invasiveness Score: 47/100

Target

Invasiveness Score: 46/100

HBO Max

Invasiveness Score: 46/100

X

Invasiveness Score: 44/100

Chase Mobile

Invasiveness Score: 43/100

Edits

Invasiveness Score: 43/100

Klarna

Invasiveness Score: 42/100

Whatnot

Invasiveness Score: 42/100

Google Chrome

Invasiveness Score: 42/100

Spotify

Invasiveness Score: 42/100

Ticketmaster

Invasiveness Score: 40/100

Progressive

Invasiveness Score: 39/100

Intuit Credit Karma

Invasiveness Score: 38/100

Venmo

Invasiveness Score: 38/100

Google Authenticator

Invasiveness Score: 36/100

Waze

Invasiveness Score: 35/100

Tubi

Invasiveness Score: 35/100

Google Gemini

Invasiveness Score: 34/100

Ring

Invasiveness Score: 34/100

Canva

Invasiveness Score: 33/100

Cash App

Invasiveness Score: 32/100

Costco

Invasiveness Score: 32/100

CVS Health

Invasiveness Score: 32/100

Life360

Invasiveness Score: 32/100

Microsoft Outlook

Invasiveness Score: 32/100

Threads

Invasiveness Score: 32/100

Indeed Job Search

Invasiveness Score: 31/100

Capital One Mobile

Invasiveness Score: 31/100

Capital One Shopping

Invasiveness Score: 31/100

Google Drive

Invasiveness Score: 31/100

Uber

Invasiveness Score: 30/100

Shop

Invasiveness Score: 30/100

Google Meet

Invasiveness Score: 29/100

MyChart

Invasiveness Score: 29/100

Taco Bell

Invasiveness Score: 29/100

BAND

Invasiveness Score: 29/100

Google Calendar

Invasiveness Score: 29/100

Google Sheets

Invasiveness Score: 28/100

The Roku App

Invasiveness Score: 28/100

Temu

Invasiveness Score: 28/100

Google Docs

Invasiveness Score: 28/100

Lemon8

Invasiveness Score: 28/100

CapCut

Invasiveness Score: 27/100

Chick-fil-A

Invasiveness Score: 26/100

McDonald's

Invasiveness Score: 25/100

YouTube

Invasiveness Score: 25/100

Zelle

Invasiveness Score: 25/100

Zoom

Invasiveness Score: 25/100

Disney+

Invasiveness Score: 24/100

Microsoft 365 Copilot

Invasiveness Score: 24/100

Netflix

Invasiveness Score: 23/100

TikTok

Invasiveness Score: 23/100

Microsoft Teams

Invasiveness Score: 23/100

Amazon Prime Video

Invasiveness Score: 23/100

ChatGPT

Invasiveness Score: 21/100

ClassDojo

Invasiveness Score: 21/100

Discord

Invasiveness Score: 21/100

GroupMe

Invasiveness Score: 20/100

Remind

Invasiveness Score: 20/100

Telegram

Invasiveness Score: 20/100

SHEIN

Invasiveness Score: 18/100

T-Life

Invasiveness Score: 17/100

Microsoft Authenticator

Invasiveness Score: 14/100

Grok

Invasiveness Score: 14/100

Cleanup

Invasiveness Score: 13/100

ReciMe

Invasiveness Score: 12/100

Microsoft Edge

Invasiveness Score: 11/100

Claim

Invasiveness Score: 10/100

DramaBox

Invasiveness Score: 10/100

ReelShort

Invasiveness Score: 10/100

Bible Chat

Invasiveness Score: 8/100

Sleeper

Invasiveness Score: 7/100

PowerSchool Mobile

Invasiveness Score: 6/100

Tea

Invasiveness Score: 5/100

ParentSquare

Invasiveness Score: 4/100

TeaOnHer

Invasiveness Score: 0/100

Research Approach

To build the index, Tenscope's researchers began with a comprehensive analysis of the 100 most popular free applications from the US Apple App Store as of August 2025. Their work involved a meticulous review of every permission disclosure listed in the 'App Privacy' section for each app. The index was then constructed using a tiered, weighted system.

Each unique data point was assigned points based on its category: three points for 'Data Linked to You' permissions, two points for 'Data Used to Track You' and one point for 'Data Not Linked to You'. This raw score was then normalised to a final scale of 0 to 100, where 0 signifies the most private app and 100 is the least private.
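The tiered weighting described above can be reproduced from an app's 'App Privacy' label; the following Python sketch is an added example, not Tenscope's code. Assumptions: a data type is counted once per category, normalisation divides by the highest raw score (the article only says the score is 'normalised'), and the app names and labels are constructed sample data.

```python
# Weights as stated in the Research Approach section.
WEIGHTS = {
    "Data Linked to You": 3,
    "Data Used to Track You": 2,
    "Data Not Linked to You": 1,
}

def raw_score(label):
    """Weighted count of unique data types in each App Privacy category."""
    total = 0
    for category, data_types in label.items():
        if category not in WEIGHTS:
            raise ValueError(f"unknown App Privacy category: {category!r}")
        # Assumption: a data type listed twice in one category counts once.
        total += WEIGHTS[category] * len(set(data_types))
    return total

def build_index(labels):
    """Return [(app, score 0-100)], most invasive first.

    Assumption: scores are scaled by the highest raw score in the set,
    so the most invasive app scores 100 and an empty label scores 0.
    """
    raw = {app: raw_score(label) for app, label in labels.items()}
    top = max(raw.values(), default=0)
    if top == 0:  # nothing disclosed by any app: every score is 0
        return [(app, 0) for app in sorted(raw)]
    scored = [(app, round(100 * r / top)) for app, r in raw.items()]
    return sorted(scored, key=lambda item: (-item[1], item[0]))

# Constructed sample labels for hypothetical apps (not from the index).
SAMPLE_LABELS = {
    "ExampleChat": {
        "Data Linked to You": ["Contact Info", "Location", "Contacts",
                               "Identifiers", "Contact Info"],
        "Data Used to Track You": ["Identifiers", "Usage Data"],
        "Data Not Linked to You": ["Diagnostics"],
    },
    "ExampleRides": {
        "Data Linked to You": ["Location", "Financial Info"],
        "Data Used to Track You": ["Identifiers"],
    },
    "ExampleNotes": {"Data Not Linked to You": ["Diagnostics"]},
    "ExampleClock": {},
}

if __name__ == "__main__":
    for app, score in build_index(SAMPLE_LABELS):
        print(f"{app}: {score}/100")
```

Because the score is relative to the set of apps analysed, the same app can move up or down the scale when the comparison set changes, even if its own disclosures stay the same.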