The average smartphone user has more than 80 apps installed, and many of them are quietly collecting and selling your personal data to advertisers, analytics companies, and data brokers. Your location history, contacts, browsing habits, health data, and financial information are all potential commodities. The good news is that you have more control than you might think. Here is how to shut down the data pipeline.
What Data Are Your Apps Collecting?
Before you can stop apps from selling your data, it helps to understand what they are taking. Modern smartphone apps can collect a staggering amount of information, often far beyond what is necessary for the app to function.
- Location data: Precise GPS coordinates that reveal where you live, work, worship, seek medical care, and spend your time. Location data is among the most valuable categories for advertisers and brokers.
- Contacts: Your entire address book, including the names, phone numbers, and email addresses of people who never consented to share their information.
- Browsing history: In-app browsers and embedded trackers log which websites you visit and how long you stay.
- Usage patterns: When you open the app, how long you use it, what features you interact with, and how frequently you return.
- Health and fitness data: Step counts, heart rate, menstrual cycle tracking, sleep patterns, and workout history from fitness and health apps.
- Financial data: Transaction history, account balances, and spending patterns from banking and budgeting apps.
- Photos and media: Apps with camera or photo library access can analyze and potentially transmit your images.
How Apps Sell Your Data
Apps rarely sell your data through a direct transaction. Instead, the data flows through several mechanisms that are largely invisible to users.
- Third-party SDKs: Developers embed software development kits from advertising networks, analytics companies, and data brokers directly into their apps. These SDKs collect data independently of the app's own functionality and transmit it to the SDK provider.
- Advertising IDs: Both iOS and Android assign each device an advertising identifier that links your behavior across multiple apps. This ID allows data brokers to build a comprehensive profile of your activity across every app you use.
- Data broker partnerships: Some apps have direct commercial relationships with data brokers, selling raw data or granting API access to their databases in exchange for revenue.
The Real Cost of Free Apps
If an app is free and does not have a clear subscription model, you are almost certainly the product. Free apps generate revenue by selling user data or displaying targeted ads — both of which require extensive data collection. Before installing a free app, ask yourself what the developer's business model is. If the answer is not obvious, assume it is your data.
How to Stop It: Actionable Steps
1. Audit Your App Permissions
Start by reviewing what permissions each app currently has. You will likely find apps with access they do not need.
- iPhone: Go to Settings > Privacy & Security. Tap each category (Location Services, Contacts, Microphone, Camera, etc.) to see which apps have access and revoke it for any that do not need it.
- Android: Go to Settings > Privacy > Permission Manager. Review each permission category and remove access for apps that have no legitimate need for it.
Pay special attention to location, contacts, microphone, and camera permissions. A weather app does not need access to your contacts. A flashlight app does not need your location.
2. Disable Advertising ID Tracking
Your advertising ID is the linchpin that connects your behavior across apps. Disabling it significantly reduces the ability of apps and brokers to build a cross-app profile of your activity.
- iPhone: Go to Settings > Privacy & Security > Tracking and toggle off "Allow Apps to Request to Track." This prevents apps from accessing your IDFA (Identifier for Advertisers).
- Android: Go to Settings > Google > Ads and select "Delete Advertising ID." On newer Android versions, this permanently removes the ID rather than just resetting it.
3. Revoke Unnecessary Permissions
Go through each app individually and ask whether the permissions it holds are truly necessary for the features you use. Common permissions to revoke:
- Location access for apps that do not need it (social media, games, utilities)
- Contact access for apps that have no messaging or calling function
- Microphone access for apps that do not record audio
- Camera access for apps that do not take photos
4. Turn Off Location Services Selectively
For apps that genuinely need location access (like maps or ride-sharing), set the permission to "While Using" rather than "Always." This prevents background location tracking when you are not actively using the app.
5. Delete Apps You Have Not Used in 30 Days
Every installed app is a potential data collection point, even if you never open it. Some apps collect data in the background through background refresh and location services. If you have not used an app in the last month, delete it. You can always reinstall it later if you need it.
6. Check Data Safety Labels Before Installing
Both major app stores now provide data disclosure labels that tell you what an app collects before you install it.
- Google Play: Check the "Data Safety" section on each app's listing page
- App Store: Check the "App Privacy" section, which shows data linked to your identity, data used to track you, and data not linked to you
Use these labels as a first filter. If an app collects significantly more data than its function warrants, look for an alternative.
7. Use Permission Slip by Consumer Reports
Consumer Reports offers a free tool called Permission Slip that sends automated data deletion requests to over 100 companies on your behalf. It is a lightweight way to exercise your privacy rights without manually contacting each company.
8. Opt Out of Data Sharing in App Settings
Many apps bury data sharing controls deep in their settings menus. Look for options labeled "Privacy," "Data Sharing," "Personalization," or "Ad Preferences" within each app. Toggle off any data sharing, personalized advertising, or analytics options you find. Common apps with these settings include Facebook, Instagram, Google, Amazon, and most banking apps.
Warning: Changing Settings Does Not Erase Data Already Sold
Adjusting your app permissions and opting out of data sharing prevents future collection, but it does nothing about the data that has already been sold to data brokers. That information is already in their databases, being bought and sold independently of the app that originally collected it. To address data that is already out there, you need a data removal service that targets brokers directly.
Skip the manual opt-outs
One opt-out won't stop them — brokers relist your data. PrivacyOn removes your info from 100+ sites and keeps it removed.
Start your free scanUse Privacy-Focused Alternatives
One of the most effective strategies is to replace data-hungry apps with privacy-focused alternatives that collect little or no data by design.
- Messaging: Signal instead of WhatsApp or Facebook Messenger — Signal collects virtually no user data
- Browser: DuckDuckGo Browser or Firefox Focus instead of Chrome — both block trackers by default
- Email: ProtonMail instead of Gmail — end-to-end encrypted with no ad scanning
- Search: DuckDuckGo instead of Google Search — no search history tracking
- Maps: Apple Maps (which processes data on-device) instead of Google Maps when possible
Your Legal Rights
Several state privacy laws give you the right to opt out of the sale of your personal data. If you live in a state with a consumer privacy law, you can exercise these rights directly with app developers and the companies they share data with.
- California (CCPA/CPRA): Right to opt out of data sales and sharing, right to delete your data
- Colorado (CPA): Right to opt out of data sales and targeted advertising
- Connecticut (CTDPA): Right to opt out of data sales and profiling
- Virginia, Utah, Texas, Oregon, Montana, and others have enacted similar laws with varying protections
Exercising these rights typically involves submitting a request through the company's privacy portal or sending an email to their privacy team. It is effective but time-consuming when done across dozens of apps.
Close the Loop With Data Removal
Locking down your app permissions is essential, but it only stops the flow of new data. The personal information your apps have already shared with data brokers remains in their databases, available for purchase by advertisers, scammers, and anyone else willing to pay.
PrivacyOn closes this gap by removing your data from over 100 data broker and people search sites where app-collected data ends up. With 24/7 monitoring, PrivacyOn catches re-listings and submits new removal requests automatically — so the data your apps already sold does not follow you forever. Combine app-level privacy controls with data removal from the broker side, and you have a comprehensive strategy for taking back control of your personal information.