75% Of Top Free Apps Are Spying On You — With Messenger, Pinterest And Lyft Leading 2025’s Most Invasive List

An alarming trend has emerged in the realm of mobile applications, with a significant number of popular free apps engaging in covert user monitoring. A recent study indicates that approximately three out of four applications are tracking user data without explicit consent. This revelation comes from a thorough investigation conducted by Tenscope, the organization behind the 2025 App Privacy Index, which scrutinized the data practices of 100 widely used apps in the United States.

Among the findings, Facebook Messenger, Pinterest, and Lyft have been identified as the most egregious violators of user privacy. The research team aimed to uncover not only the types of data collected by these apps but also the design strategies that encourage users to share their personal information. Jovan Babovic, Creative Director and Co-founder of Tenscope, noted, “Good design empowers users, but what we found is a landscape where design is often used to manipulate them.” This report serves as both a wake-up call for transparency and a resource for consumers seeking to regain control over their digital identities.

Key Discoveries

The study revealed several critical insights into the current state of online privacy:

• Tracking Is Widespread: A staggering 75% of the top 100 free apps collect data specifically to track users across various applications and websites for advertising purposes.
• Messenger Is The Main Offender: Scoring a perfect 100 out of 100 on the index, Messenger from Meta stands out as the most invasive app, gathering over 20 times the data of some of the more privacy-conscious applications.
• Your Journey Is Being Monitored: Lyft, the popular ride-sharing service, ranked third in terms of data privacy concerns, amassing more information than both Amazon and Google Maps.
• Privacy Is Achievable: The research also highlighted apps that excel in functionality while collecting minimal data, such as ParentSquare (score of 4) and Microsoft Edge (score of 11), showcasing that privacy-respecting designs are indeed possible.

The Most Invasive Apps of 2025

1. Messenger – Invasiveness Score: 100/100
2. Pinterest – Invasiveness Score: 72/100
3. Lyft – Invasiveness Score: 69/100
4. Amazon Shopping – Invasiveness Score: 68/100
5. DoorDash – Food Delivery – Invasiveness Score: 66/100
6. Duolingo – Invasiveness Score: 65/100
7. Google Maps – Invasiveness Score: 60/100
8. WhatsApp Messenger – Invasiveness Score: 60/100
9. DoorDash – Dasher – Invasiveness Score: 58/100
10. Expedia – Invasiveness Score: 58/100

These applications have received the highest ratings for invasiveness, indicating a significant risk to user privacy. Babovic explains, “The highest-scoring apps have one thing in common: their business model relies on knowing as much about you as possible.” The user experience is often designed to normalize the exchange of personal data, making requests for sensitive information feel like an integral part of the service.

The 10 ‘Most Private’ Apps of 2025

1. TeaOnHer – Invasiveness Score: 0/100
2. ParentSquare – Invasiveness Score: 4/100
3. Tea – Invasiveness Score: 5/100
4. PowerSchool Mobile – Invasiveness Score: 6/100
5. Sleeper – Invasiveness Score: 7/100
6. Bible Chat – Invasiveness Score: 8/100
7. ReelShort – Invasiveness Score: 10/100
8. DramaBox – Invasiveness Score: 10/100
9. Claim – Invasiveness Score: 10/100
10. Microsoft Edge – Invasiveness Score: 11/100

In stark contrast, these applications demonstrate that it is possible to deliver robust functionality while requesting minimal access to sensitive user information. Babovic emphasizes, “What this list proves is that data collection is a choice, not a necessity.” These companies have prioritized user trust by designing their platforms to operate effectively without unnecessary data harvesting.

Spotting Deceptive Design Patterns

The research also identified several common design tactics that pressure users into granting excessive permissions:

• ‘All or Nothing’ Consent: This tactic groups multiple unrelated permissions into a single request, compelling users to accept all or forfeit key app features.
• Vague and Just-in-Time Requests: Apps often delay permission requests until users attempt to access specific features, making it easier to inadvertently grant permanent access.
• The Hidden Settings Maze: Reclaiming permissions is often made unnecessarily complex, with privacy settings buried deep within convoluted menus, discouraging users from managing their data.

The Complete 100-App Ranking

The complete ranking of the 2025 App Privacy Index reveals the varying levels of invasiveness among popular applications:

1. Messenger – Invasiveness Score: 100/100
2. Pinterest – Invasiveness Score: 72/100
3. Lyft – Invasiveness Score: 69/100
4. Amazon Shopping – Invasiveness Score: 68/100
5. DoorDash – Food Delivery – Invasiveness Score: 66/100
6. Duolingo – Invasiveness Score: 65/100
7. Google Maps – Invasiveness Score: 60/100
8. WhatsApp Messenger – Invasiveness Score: 60/100
9. DoorDash – Dasher – Invasiveness Score: 58/100
10. Expedia – Invasiveness Score: 58/100

Research Approach

To compile the index, Tenscope’s researchers conducted an exhaustive analysis of the 100 most popular free applications available on the US Apple App Store as of August 2025. This involved a detailed review of each app’s permission disclosures listed in the ‘App Privacy’ section. The index was constructed using a tiered, weighted system, where each unique data point was assigned points based on its category: three points for ‘Data Linked to You’ permissions, two points for ‘Data Used to Track You,’ and one point for ‘Data Not Linked to You.’ The resulting scores were normalized on a scale from 0 to 100, with 0 representing the most private app and 100 indicating the least private.