By Matt Golabek & Trevor Morgan 

From calorie counters to food delivery services to secret and deceptive “vaults” to hide info from parents, millions of humans are tethered to smartphones as if they were their only lifeline. With the convenience, however, comes potential risks for the user.

IBM’s Cost of a Data Breach Report 2019 identified the following startling figures:

  • Average total cost of a data breach: $3.92 million;
  • Average size of data breach: 25,575 records;
  • Time to identify and contain a breach: 279 days;
  • Highest country average cost: United States, $8.19 million; and
  • 2019 odds of a data breach within two years: 29.6%, up from 27.9 in 2018.

While these data critically inform decisions and actions taken by CEOs, investigative analysts, and cybersecurity professionals in an effort to protect a company’s assets, they are also important to the average consumer.

Take for example, the popular app, MyFitnessPal. In February 2019, it was reported that 151 million accounts were breached and being sold on Dream Market, a nefarious site on the anonymous Dark Web where drugs, stolen data, and counterfeit consumer goods were being sold. It closed “shop” a month later, with rumors that law enforcement had been breathing down its cyber neck. Another popular app, DoorDash, had a data breach of 5 million records in 2019.

This new Hg blog series is based on our February FactSheet, What the APP?! Top Social Media APPS and the Lowdown on What Info They Collect, in which our seasoned analysts compiled a list of popular apps used by teenagers and adults to better inform readers of what information each app is collecting. You can download the full FactSheet for free, and we encourage you to share it with others.

This week, we review 12 popular teen apps.


Blendr

Blendr is a popular dating app used by teenagers. To become a member, one must provide information such as date of birth, geolocation, and personal pictures. Users can unwillingly post photos that include identifying information such as a street sign, house number, or license plate—posing potential risk from potential harassers or unsolicited parties. View its privacy policy.

Chatous

Chatous is a global social networking app, which allows people to chat anonymously about anything through a matching system. Minimum age is 17 years, but there is no verification process to confirm a user’s real age. It is considered inappropriate for children and teenagers due to its anonymous nature and reporting of anonymous individuals seeking contact with young girls and boys. Visit its privacy policy.

FaceApp

Developed by Wireless Lab, a Russian company, FaceApp is used to change facial expressions, age, and gender. By using this age-enhancing photo app, users grant this app a license to use, reproduce, modify, publish, and display user content, cookies, log files, and location in all media formats and channels now known or that will be later developed. View its privacy policy.

Hinge

Hinge is a dating app that is popular with a younger audience. With permission, this dating app allows exact geo-location through GPS, Bluetooth, and WiFi to locate potential matches. Hinge also collects a user’s device information, such as IP address and service provider. Facebook information can also be linked to the account, should the user opt in. View its privacy policy.

Houseparty

Houseparty is a stop gap measure for teens wanting to connect with friends on social media but cannot because they don’t reach minimum age requirements. On Houseparty, teens converse, share, and chat—nothing abnormal. However, cyber bulling is of concern on this app, so parental oversight is an important mechanism to stamp out behaviors that can leave lasting psychological impacts on those taunted by their peers. View its privacy policy.

Omegle

Popular amongst teenagers, Omegle opens the door to anonymous chats with strangers around the world. While the app connects people across language, culture, and national boundary, child predators have been known to use this app, making the multi-cultural exchange a risky one. View its privacy policy.

Pokémon Go

Pokémon Go is one of the most popular interactive games for teenagers. When downloaded, it collects information regarding device type, operating system, device ID, and precise geo- location data. View its privacy policy.

Secret Calculator ++

This app appears to be the icon for standard smart phone calculator. However, it is far more than that. With a personal passcode, the user can unlock an array of hidden files, including inappropriate pictures, notes, and videos. There are many apps similar to this, ranging from Calculator apps to those simply branded as photo vaults. Teenagers and pre-teens alike frequently use these apps to hide content from parents, teachers, and guardians. View its privacy policy.

TikTok

With a mission to “inspire creativity and bring joy,” TikTok is one of the most popular video recording apps for youths. While it may generate artistic expression, it can also collect personal information and data, including contact information, content, IP address, and geo-location. It also gathers one’s private messages. View its privacy policy.

Vault

Vault is another inconspicuous app allowing a child to hide their private photos and videos. This app takes security to another level by requiring a password to enter the app itself and further encrypting albums within the app with passwords. Trying to enter the app and enter the wrong password? Smile and say “cheese” because Vault will take a picture of the “intruder’s” face allowing its user to see who was entering. This is one of the many sneaky apps a child can use. View its privacy policy.

VSCO

VSCO, a popular photo sharing and editing app, is often linked to a user’s social media profiles. Distinguishing backgrounds, such as house numbers, a popular shopping area and parking lot, or a school stadium are captured in the background of the user’s photos—providing location clues to nefarious strangers. View its privacy policy.

Whisper

This social “confessional” app is popular amongst teenagers. Essentially, Whisper is a chat board like Reddit, where anyone can anonymously post photos and video messages. A teenager can be at risk, because her/his exact location is identifiable to friend and stranger through the app’s geo-location technology. View its privacy policy.

 Matt and Trevor are investigative analysts at Hetherington Group, where they use their open source research skills to extract data from social media accounts, conduct risk assessments, and monitor subjects for clients in pharma, tech, retail, and entertainment. Both are contributing writers to Hg’s Data2Know, Industry Undercover, and OSINT Slack channels. On their lunch breaks, they can be found outside playing frisbee with their four-legged colleagues.