Apps with the Worst Privacy Grades
10 companies analysed · Sorted by privacy score
These are the lowest-scoring services across every category we've analysed — ranked by overall privacy score from worst to least-worst. What they have in common: broad data collection, extensive third-party sharing, weak user controls, and vague retention policies. If you use any of these, the full analysis explains exactly what you're agreeing to and what you can do about it.
| # | Company | Grade | Score | In plain English | |
|---|---|---|---|---|---|
| 1 | F | 18/100 | TikTok collects your biometrics, keystroke patterns, and even content you record but never post — th…TikTok collects your biometrics, keystroke patterns, and even content you record but never post — then shares data with ByteDance affiliates, advertisers, and researchers. You have limited control and no meaningful way to stop collection while using the app. | → | |
| 2 | F | 22/100 | Meta collects almost everything about you across Instagram, Facebook, WhatsApp, and Threads, shares …Meta collects almost everything about you across Instagram, Facebook, WhatsApp, and Threads, shares it with advertisers, and keeps it indefinitely — including your AI chat conversations which now fuel ad targeting. | → | |
| 3 | F | 24/100 | X collects everything you do on and off the platform, infers your identity even when you're signed o…X collects everything you do on and off the platform, infers your identity even when you're signed out, and explicitly allows third-party 'collaborators' to use your data to train their own AI models. There is no meaningful way to stop the core collection, your public posts are available via API for mass scraping, and security is disclosed only in the vaguest terms. | → | |
| 4 | D | 26/100 | Google tracks almost everything you do online — every search, email, location, video, and website vi…Google tracks almost everything you do online — every search, email, location, video, and website visit — across all their products and millions of third-party sites, then uses it to sell ads. They do give you unusually good tools to review and delete your data, but the defaults collect everything. | → | |
| 5 | D | 32/100 | Meta collects almost everything: what you post, what you look at and for how long, device and locati…Meta collects almost everything: what you post, what you look at and for how long, device and location data, and data from other people and advertisers. They infer sensitive traits and use Meta AI conversations for ad targeting. Data is shared across all Meta products and with advertisers. You can adjust ad preferences and download your data, but you can't stop collection itself. | → | |
| 6 | D | 35/100 | WhatsApp's end-to-end encryption genuinely protects your message content, but everything around it —…WhatsApp's end-to-end encryption genuinely protects your message content, but everything around it — who you talk to, when, how often, your contacts, your device — flows to Meta and is used to build ad profiles across Facebook and Instagram. You can't opt out of the Meta data sharing and still use the app. | → | |
| 7 | D | 36/100 | Uber tracks everywhere you go, records your calls, photographs your face, and buys demographic profi…Uber tracks everywhere you go, records your calls, photographs your face, and buys demographic profiles from data brokers — then feeds all of it into a vast advertising machine that includes Meta and TikTok. You can limit some collection but you can't use the service without surrendering your location and trip history for up to seven years. | → | |
| 8 | D | 38/100 | LinkedIn builds a remarkably detailed professional and personal profile from everything you do on an…LinkedIn builds a remarkably detailed professional and personal profile from everything you do on and off the platform — including inferred age, gender, salary, and seniority — then shares it with Microsoft, advertisers, and third-party partners. Your data persists even after account closure, your public activity is fed into Microsoft's broader ad ecosystem, and there is no way to opt out of non-personalised ads. | → | |
| 9 | D | 39/100 | Samsung's data appetite is unusually broad for a hardware maker: voice recordings stored on servers …Samsung's data appetite is unusually broad for a hardware maker: voice recordings stored on servers with potential third-party retention, keyboard input logging via Predictive Text synced across devices, and persistent hardware identifiers that survive ad-ID resets. The company explicitly acknowledges that sharing with business partners may constitute a data sale under US law (CCPA). Full GDPR-grade rights are reserved for EEA/UK/Swiss residents; everyone else gets basic access and deletion with no response-time commitments. Retention timelines are vague and there are no named security certifications or breach notification windows. | → | |
| 10 |  Amazon | D | 40/100 | Amazon builds a detailed picture of everything you buy, watch, say to Alexa, and do in their physica…Amazon builds a detailed picture of everything you buy, watch, say to Alexa, and do in their physical stores — then uses it to sell you ads. They don't sell your data to others and have real security certifications, but the sheer breadth of collection across shopping, voice, surveillance cameras, and credit history is hard to escape if you use their services. | → |
How we grade·Each company is scored 0–100 across four pillars: data collection, third-party sharing, user controls, and policy promises. The overall grade maps to the score band. → Read the full methodology