Reddit Is Stealing a F*** TON of your Data
If you're an Android user, Reddit and a variety of other apps are stealing a ton of your data and sending it to third-parties. Info like your phone make and model, unique identifiers, email addresses, GPS coordinates, gender info, and more are all being delivered to a variety of companies that you may have never even heard of. Big tech companies are always in the news and in court for these kinds of things so we all should be aware that something like this is happening behind the scenes on apps, especially ones that are “free”, but what blew my mind was the amount of times the apps actually attempt to access our info and how many third-party apps this info is being sent to.
Now I understand the need for basic analytics and site usage data. That sort of data is important to any company or online brand. But to take so much data that random, not affiliated, pizza companies can send us an email as soon as we think about pepperoni is overstepping boundaries.
Before I get started let me say that I have not been paid to write this and this post contains no affiliate links that I could benefit from. I'm just talking about my personal experience with some free software.
So at about 6am Saturday morning...
I downloaded the DuckDuckGo browser because I read about a new feature they're testing out on android that blocks apps from sending personal info to third-parties. I activated the feature and left my phone to do it's thing for about 12 hours. Periodically I'd checked in on the app and saw sort of what I expected. By the end of the day about 8-10 apps were running in the background and attempting to send data to third-parties:
Instander, which is an Instagram alternative that blocks ads and gives you developer tools, only seems to attempt to send usage, advertisement, and identification info to Facebook; which is expected. It made about 1917 attempts to send data in this time. I use this app pretty often so I'm not that surprised.
Messenger, Facebook... er I mean Meta's direct messaging app, sends data to comScore which is an analytics and marketing data collection app. It made about 14 attempts which is pretty humble in my opinion.
Ring, a surveillance company owned by Amazon, sends data to Mapbox which is a map provider. It made 154 attempts which is not surprising as it's pretty much supposed to track your location.
A banking app, which I will keep private for my own safety, attempted 11 times to send quite a bit of my data to Adobe which is pretty puzzling. There are no ads in the app and I don't use adobe products on my phone so why is a bank sending data to Adobe? After a bit of research I found that a few banking companies are using Adobe Experience Platform to collect data and provide analytics. Nothing too wild but still pretty invasive. DDG says that Adobe typically collects 20 points of data that includes extensive device information, email addresses, and GPS coordinates.
Ironically the AdBlock Browser, which is a browser that blocks ads, attempted 104 times to send info to Google, Microsoft, and a few other analytics companies. I used this app for maybe 10 minutes today.
Citizen, which is a crime reporting app similar to Ring, attempted 62 times to send data to Branch Metrics and Adjust, a mobile metrics company.
AZ Screen Recorder attempted 324 times to send a host of data to Google.
And finally (drum roll please) Reddit who attempted 49,190 times to send data to Google, Adjust, Branch Metrics, The Nielsen Company, Neustar, and Tapad. I used Reddit for about 10 minutes today but while running in the background it made non stop attempts to send data reports.
After seeing what Reddit was attempting to do, I disabled the app and the numbers stopped moving so this number of attempts is NOT from a full 12 hours of background activity. I reactivated the app a few times throughout the day to record the numbers in action so you could see how active Reddit actually is. It's basically a data miner first and social app second. I eventually uninstalled Reddit all together because even with DuckDuckGo's tracker protection I don't need that sort of threat to my privacy on my phone, plus Reddit seems to be getting worse in general as days go by.
DuckDuckGo's App Tracking Protection works similar to a VPN except it isn't a VPN. It's capable of intercepting transmissions to third-parties before the data leaves your phone. It only protects you from third-parties and not the first-party owner of the apps. So it won't stop Facebook data from getting back to Facebook but it can potentially block Instagram Data from getting back to Facebook. According to DDG it does not send the intercepted data back to DuckduckGo HQ, so you shouldn't have to worry too much about that, however I wouldn't be surprised if we hear about the opposite sometime in the future.
We're entering an era where we can no longer ignore the fact that our data is being siphoned and used against us. These companies are taking our data and selling it to advertisers, government organizations, research companies, and other data companies that then resell the info to even more companies and organizations. Advertisers suck but they're actually the least of our worries. In a world where protesters are being targeted for demonstrating, journalists are being targeted for investigating, and individuals with beliefs that contradict the propaganda machine are being targeted for sharing information we need to be extremely cautious about who (or what) we give our data to.
I recommend that if you have an Android phone you should check out the Duckduckgo Browser app and try out this tool to see how much of your info is being auctioned off. I am NOT sponsored by Duckduckgo and was not told to do this post. I also recommend that you ditch the Reddit app (trust me you won't be missing anything) and instead using Reddit via a privacy-based browser.