Data privacy: shopping and food delivery apps track most data

Apps, News, Websites


  • Shopping and food delivery apps, notably Amazon Shopping and Wish, are most data-hungry.
  • Amazon Shopping collects most data points in its category, Wish leads in linking and tracking user data.
  • On average, shopping and delivery apps collect 21 out of 32 possible data points.
  • Facebook and Instagram top the list of privacy-invasive apps, collecting all 32 data points.

In a revealing study of 100 popular apps, Surfshark’s Research Hub has identified shopping and food delivery apps, particularly Amazon Shopping and Wish, as leading the way in user data collection.

More than a third of shopping & food delivery category apps’ data is tracked (such as shared with a third-party advertising network or data brokers). Research is aided by a free App privacy checker tool where users can select the specific apps they have on their phone and receive a report on the extent of data collection.

“Analyzing 100 popular apps on the App Store, we’ve found a concerning trend: nearly 20% of collected data is used for tracking. Such tracked data can be shared with third-party advertisers or data brokers, who use it to deliver personalized ads targeting the users, or aid companies in market research,” says Agneska Sablovskaja, Lead Researcher at Surfshark. “Understanding an app’s privacy policy is crucial for safeguarding digital autonomy.”

Shopping and food delivery apps collect more data points than average  

On average, shopping and delivery apps collect 21 out of 32 possible data points. Moreover, these apps link the most data to the user — 95% of collected data points are linked to the user’s identity. Also, such apps tend to use collected data to track the user the most — a third of collected data points are used for these purposes.

Wish could be named the most data-hungry app within shopping & food delivery apps category, collecting 24 out of 32 data points, linking almost all data points to the user’s identity, and using over a third of data to track its users. That’s considerably more than the average of 15 collected data points across all 100 examined apps. Around 40% of data points collected by Wish and DoorDash are used to track the user, including email address, precise location, and purchase history. 

Out of the analyzed shopping & food delivery apps, only one — Amazon — does not use data to track its users. But it collects most of the unique data about the user (25 of 32 possible data points), and also all the collected data is linked to the user’s identity.  

If we look at food delivery apps specifically, Uber Eats stands out as tracking (sharing with third parties) the most data points out of the collected (12 out of 21), such as phone number, physical address, search history and more. 

Around half of the 100 analyzed apps collect search history and precise location

1523 data points are collected across 100 of the most popular apps. Statistically speaking, that’s an average of 15 unique data points per app out of the 32 unique data points defined by Apple. Around 90% of the apps collect usage, diagnostic, and identifier data such as product interaction, user ID, device ID, crash and performance data. Most are essential for their app functionality.

Two-thirds of the apps collect your name and coarse location, and nearly half collect your precise location. Coarse location is a more general estimation of where you are, while precise location is more detailed and accurate. Over a third of the apps collect your contacts, and a fifth collect your emails or text messages and browsing history.

Facebook and Instagram are the two most privacy-invasive apps. Both apps collect all 32 data points defined by Apple and are the only two to do so. Signal is also the only social media and messaging app to make the top 10 most privacy-sensitive list. It is the second least data-hungry app, collecting just 1 data point (phone number) that is not linked to you or used to track you.

Before downloading apps, it is recommended to check the developer’s reputation and data retention policies and pay attention to constant permission requests to access contact list, camera, storage, location, and microphone and limit the app’s access to information only when the app is in use.

Chris Price
For latest tech stories go to