Personal data isn’t just information; it’s the new gold your phone and its apps profit from harvesting.
Global data creation hit ~149 zettabytes in 2024, projected at 181 zettabytes by end-2025. Your apps can collect and send to its servers everything from your location to behavioural patterns, even keystrokes and proximity sensors – fuelling a $340+B big data market in 2025. But this “gold rush” comes at our expense. Every “Allow” or unchecked Terms of Service (TOS) hands over our private lives for profits, breaches and AI training – often without real consent.
Let’s dive in and take a closer look at how apps farm our data, the TOS traps, and some practical defences for digital resilience.
The Data Gold Rush: For You Personal Info and Behaviours
The Data Gold Rush: For You Personal Info and BehavioursPersonal data’s value skyrocketed in 2025, with the global big data market projected at $103 billion by 2027 driven by AI and targeted ads. Apps harvest it to build “digital shadows” for ad profiles, surveillance and monetisation.
To illustrate, here are some examples of attempted data harvesting by common apps. Observed using the DuckDuckGo App Tracking Protection tool on a stock Samsung device. Results showed that within a minute – Spotify had 228 tracking attempts; AllTrails with 113; and ServiceNSW with 40.
- Spotify: opened app > searched a song > played song in app for 30sec = 228 tracking attempts.
- AllTrails: opened app > searched for a local trail > idled in app for 30sec = 113 tracking attempts.
- ServiceNSW: opened app > logged in > idled in app for 30sec = 40 attempts.
These aren’t anomalies; more than 72% of apps track users despite opt-outs, creating profiles sold for $0.0005-$0.01 per datum – but aggregated, a profile can fetch $700+ annually per user.
What ‘Allow’ Really Means: The Permissions Trap
What ‘Allow’ Really Means: The Permissions TrapWhen you click “Allow” it can grant apps invasive access, often beyond their needs. For example, flashlight apps can request mic/location for profiling or calculator apps asking for microphone access to record audio. Risks include data breaches (exploiting permissions for ransomware), profiling (inferring habits for targeted manipulation), and security threats (malware via overreach).
The Fine Print: TOS as Surveillance Contracts
The Fine Print: TOS as Surveillance ContractsTerms of Service (TOS) can be torturous to read, not easy to understand, and can bury data grabs in legalese. For example, Facebook has stored non-user data via shadow profiles, YouTube tracked watch history even after deletion, and TikTok collects biometric identifiers like face and voice data. Implications include waived rights, indefinite retention, and third-party sharing; leading to risks like data breaches and unauthorised surveillance.
Tools to Fight Back
Tools to Fight BackTo assist reclaiming control over your data, these free or low-cost tools can help you scan policies, block trackers, and audit apps before they harvest more. For ultimate protection, consider our Privacy Phones with near zero telemetry (data collection/tracking), app isolation, and more (see FAQ “Why Switch to a PrivacyPros Phone?”).
- ToS;DR (Terms of Service; Didn’t Read): A free tool at https://tosdr.org/en/ – it provides peer-reviewed summaries of TOS/Privacy Policies, graded A-E (A=privacy-friendly, E=high-risk). Great for quick checks, is volunteer-driven with ~70% coverage, and has recent API enhancements. As volunteer-dependent, it’s not exhaustive. A good practice would be to cross-check summaries with the full TOS. As per below; Facebook gets a E-grade for extensive tracking and sharing, while F-Droid (open source app store with our Privacy Phones) earns an A-grade for minimal data grabs.
- PrivacySpy: Open-source rater at https://privacyspy.org/ scores services 0-10 on tracking/telemetry risks, with a browser extension for alerts. Site is responsive on mobile and is regularly community-updated. It tracks policy shifts well, however it can have some subjective scores.
- Exodus Privacy Scanner: Free Android-only app scans installed apps for trackers/permissions, showing leaked data types. Ideal for an app pre-install audit, and pairs well with F-Droid for tracker-free downloads.
- DuckDuckGo (DDG) App Tracking Protection: Built into the free DDG browser app – it uses a local VPN to block ~2,000 third-party trackers (e.g., Google in weather apps). It’s easy to use, no root needed, but it may impact app functionality (e.g., login glitches) and is DNS-based – so it misses some in-app tracking. Battery impact: Minimal for most, but up to 10–20% drain reported on older Androids. It’s a good option if you’re not ready for a DeGoogled phone.
- TrackerControl: Free/open-source advanced blocker app for Android that monitors/blocks per-app trackers via VPN (more granular than DDG). It provides sensor toggles and allows custom whitelists, but can crash apps – test carefully. Good practice would be to install from F-Droid for tracker-free downloads.
- TermsFeed Privacy Policy Generator: Free tier at termsfeed.com can be used for creating compliant TOS/policies if you run an app/site. Auto-updates for Australian Privacy Principles/GDPR and provides quick compliance; however to upgrade for advanced audits it was recently checked in 2025 at $89+/yr.
A good approach is to start with one tool, focus on auditing the top 5 apps you use most, then build from there. For zero-compromise setups that look to end the “gold rush” by Big Tech on your personal data – explore our Privacy Phones.
We have a huge library of other ‘Free Tools’ we recommend – they can provide fresh insights and practical options to strengthen your digital resilience. We know navigating “tech” can be feel daunting, so we’ve crafted them in an easy-to-understand way.
