Guest Post: US shopping apps collect more data than Chinese or Canadian rivals
As shoppers gear up for the holiday season, Surfshark investigated the data collection practices of the 10 most popular shopping apps in the US, finding that US-based apps tend to collect more data compared to their counterparts in China and Canada. For example, Amazon collects 25 unique data types out of 35, but among Chinese apps, Alibaba is the most data-hungry, collecting 19 unique data types.
“Scrolling through tempting deals on Temu, Shein, Amazon, and other shopping apps is a Black Friday tradition for many. However, before downloading any shopping app, people should consider whether they are truly willing to trade their privacy for a discount,” says Miguel Fornes, Information Security Manager at Surfshark. “Many shopping apps collect far more data than people realize, and this extends beyond purchase history. Some apps can even gather sensitive information such as political views, racial background, or biometric and health data.”
The Amazon shopping app is the most privacy-intrusive. It collects 25 unique data types out of 35, Walmart and Costco each collect 23, and Whatnot — another US-based app — collects 20. Among Chinese apps, Alibaba is the most data-hungry, collecting 19 unique data types, followed by Temu with 17, Aliexpress with 16, and Shein with 15. The Canadian app, Shop, collects 19 data types, which places it on par with the most data-collecting Chinese app.
All the analyzed apps collect information such as email address, name, payment information, physical address, user ID, search history, and product interaction. The majority of these apps also gather device IDs (except for Temu), phone numbers (except for Shein), photos or videos (except for Shop), and location data (except for Shein). Additionally, most of this collected data is directly linked to individual users, enabling these apps to build comprehensive user profiles, which raises privacy concerns.
Some of the data collected by these shopping apps is surprising and even bizarre. For instance, Amazon and Walmart collect sensitive information — which could include political opinions, racial or ethnic background, biometric data, genetic information, sexual orientation, disability status, or pregnancy details. Whatnot and Alibaba collect users’ contacts, such as contact lists from a user’s phone or address book. In addition, Amazon, Walmart, Whatnot, and Alibaba collect users’ voice or sound recordings.
According to Fornes, these abusive data collection practices can be very dangerous if an app is breached and information about a person is leaked. First, leaked bank account information and purchase history can lead to unauthorized charges, identity theft, and significant financial loss. Second, leaked sensitive information – especially sensitive data like political views or health data – can damage your reputation and financial standing, as health data rarely changes and may be used by insurance and healthcare companies. Finally, all this leaked data might fuel subsequent highly personalized phishing campaigns. Therefore, Fornes advises:
Don’t download apps you don’t need. If you only shop on Amazon occasionally, accessing their website through a browser is more private than keeping the app installed. Besides, you may improve your battery or device health by offloading those.
Grant permissions selectively. Only allow access to data essential and directly relevant to the app’s functionality.
Revoke unnecessary permissions. Regularly review and revoke permissions you have granted. For example, go to settings, apps, app name, permissions on iOS, and change them. Remember the app will still work as intended after removing unnecessary permissions, but just triggering some informational notifications.
Read the Privacy Policy and opt out of data sharing. Understand what data the app collects, how it’s used, and with whom it’s shared. Many apps offer options to limit data collection for advertising purposes. Look for these settings.
Strengthen your account security. Use strong, unique passwords; enable two-factor authentication (2FA); consider having a dedicated virtual debit card or escrow payment methods (such as PayPal) for such apps or shopping at less-trusted sites.
This entry was posted on November 18, 2025 at 9:41 am and is filed under Commentary with tags Surfshark. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
Guest Post: US shopping apps collect more data than Chinese or Canadian rivals
As shoppers gear up for the holiday season, Surfshark investigated the data collection practices of the 10 most popular shopping apps in the US, finding that US-based apps tend to collect more data compared to their counterparts in China and Canada. For example, Amazon collects 25 unique data types out of 35, but among Chinese apps, Alibaba is the most data-hungry, collecting 19 unique data types.
“Scrolling through tempting deals on Temu, Shein, Amazon, and other shopping apps is a Black Friday tradition for many. However, before downloading any shopping app, people should consider whether they are truly willing to trade their privacy for a discount,” says Miguel Fornes, Information Security Manager at Surfshark. “Many shopping apps collect far more data than people realize, and this extends beyond purchase history. Some apps can even gather sensitive information such as political views, racial background, or biometric and health data.”
The Amazon shopping app is the most privacy-intrusive. It collects 25 unique data types out of 35, Walmart and Costco each collect 23, and Whatnot — another US-based app — collects 20. Among Chinese apps, Alibaba is the most data-hungry, collecting 19 unique data types, followed by Temu with 17, Aliexpress with 16, and Shein with 15. The Canadian app, Shop, collects 19 data types, which places it on par with the most data-collecting Chinese app.
All the analyzed apps collect information such as email address, name, payment information, physical address, user ID, search history, and product interaction. The majority of these apps also gather device IDs (except for Temu), phone numbers (except for Shein), photos or videos (except for Shop), and location data (except for Shein). Additionally, most of this collected data is directly linked to individual users, enabling these apps to build comprehensive user profiles, which raises privacy concerns.
Some of the data collected by these shopping apps is surprising and even bizarre. For instance, Amazon and Walmart collect sensitive information — which could include political opinions, racial or ethnic background, biometric data, genetic information, sexual orientation, disability status, or pregnancy details. Whatnot and Alibaba collect users’ contacts, such as contact lists from a user’s phone or address book. In addition, Amazon, Walmart, Whatnot, and Alibaba collect users’ voice or sound recordings.
According to Fornes, these abusive data collection practices can be very dangerous if an app is breached and information about a person is leaked. First, leaked bank account information and purchase history can lead to unauthorized charges, identity theft, and significant financial loss. Second, leaked sensitive information – especially sensitive data like political views or health data – can damage your reputation and financial standing, as health data rarely changes and may be used by insurance and healthcare companies. Finally, all this leaked data might fuel subsequent highly personalized phishing campaigns. Therefore, Fornes advises:
For the complete research material behind this study, visit here.
Share this:
Like this:
Related
This entry was posted on November 18, 2025 at 9:41 am and is filed under Commentary with tags Surfshark. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.