What your apps actually do.

HIGH Risk

Instagram

68

Meta-owned, 7 trackers, FTC $5B fine - your browsing history funds the ad machine.

HIGH Risk

Facebook

68

Score 68/100 HIGH - $5B FTC fine, €422M GDPR fines, and "severe" data exposure.

MEDIUM Risk

X (Twitter)

52

9 trackers, unencrypted DMs, a 5.4M-user data breach, and aggressive ad profiling.

MEDIUM Risk

Adobe Acrobat

52

Camera, microphone, and 7 ad trackers on a PDF reader - plus a 152M-account data breach.

MEDIUM Risk

Snapchat

51

9 trackers, background location access, and a 2014 breach exposing 4.6M users.

MEDIUM Risk

Messenger

51

9 trackers including AdMob, GPS location on a messaging app, and two Facebook data breaches exposing 500M+ users.

MEDIUM Risk

Telegram

48

71 permissions requested, 4 trackers detected - strong encryption partially offsets aggressive data access.

MEDIUM Risk

Reddit

48

Audio recording, location tracking, and 7 ad trackers on a text-based social platform.

MEDIUM Risk

Binance

47

13 trackers including TikTok SDK and WeChat SDK - your crypto app talks to Chinese ad networks.

MEDIUM Risk

Amazon Shopping

47

11 trackers, background location, and WeChat SDK - Amazon knows where you shop, online and off.

MEDIUM Risk

PayPal

47

13 trackers including Meta SDK and Adjust - your payment app shares data with ad networks.

MEDIUM Risk

Uber

42

57M-user breach cover-up, persistent location tracking, and payment data shared with analytics firms.

MEDIUM Risk

AliExpress

42

Chinese jurisdiction, 5 ad trackers, thousands of vendors accessing buyer data, and opaque data governance.

MEDIUM Risk

Google Maps

41

6 trackers including Meta SDK, background GPS tracking, and contact harvesting on a navigation app.

MEDIUM Risk

WhatsApp

39

E2E encrypted messages, but Meta harvests your metadata - who you talk to, when, and where.

MEDIUM Risk

ChatGPT

38

GPS location, screen capture detection, and ad tracking on a text chat app - plus conversations stored on OpenAI servers.

MEDIUM Risk

Spotify

37

9 trackers, location access on a music app - Spotify profiles your listening and your movements.

MEDIUM Risk

Netflix

34

Microphone and camera on a video player - plus ad-tech integrations that profile your viewing habits.

MEDIUM Risk

Microsoft 365

34

Facebook SDK, Google AdMob, and Microsoft telemetry in your Office suite - plus AD_ID tracking.

LOW Risk

Discord

28

E2E encrypted DMs, but metadata collection and ad-tech SDKs feed behavioral profiling.

LOW Risk

Airbnb

28

Minor permission overreach and 5 ad trackers - standard for a major travel platform.

LOW Risk

Canva

28

Zero dangerous permissions and cloud-based design - minor ad-tech trackers typical of freemium apps.

LOW Risk

Brave Browser

24

Open-source, built-in ad blocker, and only 3 essential trackers - a privacy-first browser.

LOW Risk

Google Docs

22

No dangerous permissions, but Google reads your documents - no end-to-end encryption option.

LOW Risk

Firefox

22

Open-source, non-profit, Enhanced Tracking Protection by default - privacy built into the foundation.

LOW Risk

Outlook

22

Zero dangerous permissions and enterprise-grade encryption - one of the safest email clients scanned.

LOW Risk

Google Wallet

12

Zero dangerous permissions and strong encryption - one of the safest financial apps scanned.

LOW Risk

DuckDuckGo

12

Zero trackers, zero dangerous permissions, zero search history stored - the gold standard for private search.

LOW Risk

Bitwarden

12

Zero trackers, zero permissions, open-source, and end-to-end encrypted - the safest credential manager.