Home of internet privacy

Delete these now: The worst apps for privacy in 2020

As we reach the finish line for 2020, we suggest a New Year’s resolution of paring down your mobile apps.

Every app you download carries privacy risks, which vary greatly depending on each app maker’s data-collection practices.

(For the record, ExpressVPN has a stringent privacy policy that ensures your privacy is protected to the highest levels.)

Let’s take a look at some of the apps with dubious track records and reputations, and that you should rid yourself of to start 2021 with a clean slate.

[Get privacy tips sent to your email. Sign up for the ExpressVPN Blog Newsletter.]

Apps to delete before 2021

1. Facebook and Messenger: We meet again
2. FBI FitTest: Yes, that FBI
3. WeChat: We won’t
4. TikTok: Nope, block!

1. Facebook and Messenger

Hello Facebook, my old friend, you’ve breached my privacy again. As with last year, Facebook has somehow managed to mishandle user data again.

Earlier this year, Facebook’s Bug Bounty Program paid out one of its largest bounties ever to Natalie Silvanovich, a security researcher at Google Project Zero. Silvanovich won 60,000 USD following her discovery of a bug in Facebook Messenger that could allow for attackers to potentially listen in to certain audio calls.

Furthermore, over 5,000 developers were accidentally given access to user app data—even if said users were inactive and the permissions had already been rescinded. It was announced that this flaw provided third-party app developers with extended permissions to user data outside of the 90 days of inactivity cut off.

Facebook has also recently announced a policy change whereby it must notify any third-party developers of vulnerabilities discovered in Facebook’s code. While notification has been standard in the past, this policy change formalizes this process.

If you really need to keep up with your correspondence, perhaps just opt for Facebook on desktop? Better yet, why not get rid of your Facebook profile altogether and try a more secure messaging app like Signal?

2. FBI FitTest

You read that correctly. The FBI has a fitness app. What?

When people first started staying home because of Covid-19 earlier this year, the FBI tweeted out an invitation to download its FitTest app.

Touted as being an inside look into how users can achieve the physical requirements of an FBI special agent, the FitTest app is designed to run users through a series of exercises that match the bureau’s standards.

Unsurprisingly, there’s been no shortage of detractors advising the general public not to download the app due to a variety of privacy concerns. These include, but are not limited to, the app’s request for permission to have a user’s activities “monitored and recorded” and the ability to modify or delete any images or media files.

Compounding this is an extremely vague set of wording in the privacy policy about what data is collected and how it is used.

3. WeChat

More than just a messaging app, WeChat is also a social media platform and mobile payment app rolled into one. While that may sound convenient on the surface, there are caveats to these offerings—namely that for such a prevalent messaging platform, it doesn’t utilize end-to-end encryption. It also doesn’t help that there is some uncertainty as to how WeChat actually functions behind the scenes.

In the nine years that it has been around, WeChat has been no stranger to controversy. It has, in one way or another, been banned or restricted in India, Russia, and Iran. This year, a security research group found that WeChat monitored messages of its global users—which frankly wasn’t all that surprising.

In September 2020, the energy company Chevron requested that all of its global employers remove WeChat from their work phones over security concerns, labeling it a “non-compliant” application. Any employees who failed to comply with the request would have their access to internal Chevron systems removed.

4. TikTok

Since its inception, the wildly popular video-sharing social networking platform has repeatedly come under fire. Among the issues consistently raised, privacy and censorship top the list. It has, in one way or another, been banned or restricted in India, the U.S., Indonesia, Bangladesh, Armenia, and Pakistan.

TikTok’s privacy policy states that the following is collected from its users: IP addresses, usage statistics, location data, and keystroke pattern information.

In January 2020, TikTok confirmed that attackers could potentially access user accounts through SMS. This could be achieved with a spoofed message to a user that would include a fake TikTok URL which if clicked, would open up the user to an attack.

In July 2020, Wells Fargo employees were advised to remove TikTok from their work phones over security concerns.

Perhaps the biggest concern is that children make up a large part of TikTok’s user base. There are growing concerns over what data is stored and collected from its underage users across the world. TikTok has already been issued fines over allegations that they’ve collected personal information of children under 13 without gaining parental consent.

Still concerned about your apps?

This year may have been a bust in many ways, but 2021 doesn’t have to be! Get a head start on your New Year’s resolution by reviewing exactly what permissions you’ve allowed for each app on your phone. It may be a cumbersome process but it’ll be worth having that peace of mind that your data is safe. Here is our guide on how to change app permissions on your Mac, Windows, iOS, and Android devices.

Let us know what apps you think are (or aren’t) worth getting rid of in the comments below!

Read more: 7 countries are calling for access to your private messages