Most Invasive Shopping Apps in 2025

table of contents

Every time you shop online, you're paying with more than just your credit card.

A new study by Tenscope reveals that the top 100 shopping apps in the United States are harvesting unprecedented amounts of personal data, from precise location to browsing history, often sharing this information with third-party advertisers.

The study analyzed privacy policies across America's most popular shopping apps to calculate an "invasiveness score" based on three factors: data used to track you across other apps and websites, data shared with third-party advertisers, and data used for the developer's own marketing purposes.

To identify which shopping apps demand the most access to personal information, Tenscope analyzed the App Store privacy disclosures of the 100 most popular shopping apps in the United States in November 2025. Apps were scored on a 0-100 scale based on the volume and sensitivity of data collected.

Key Findings

Foot Locker is America's most invasive shopping app with a score of 100 out of 100, collecting nine types of tracking data, sharing 13 categories of information with advertisers, and using 15 types of data for its own marketing.
Temu ranks as the #2 most popular shopping app but has an invasiveness score of just 2 out of 100, while Shop by Shopify ranks #3 in popularity with a score of 0 out of 100.
24 apps (24%) share purchase history with third-party advertisers, while 19 apps share email addresses directly with advertising networks.
29 apps use location for promotional purposes, while eight apps share location data with external advertisers.
Nine apps track browsing history across other websites, and 17 apps track search history, including Depop, H&M, and Gymshark.

‍

Foot Locker vs. Dick's Sporting Goods: Same Parent Company, 97-Point Difference

Foot Locker earned a score of 100 out of 100, collecting nine different types of data to track users across other companies' apps and websites, including purchases, financial information, location, search history, browsing history, and usage data.

The app shares 13 categories of personal information with third-party advertisers, including: purchase history, physical address, email address, name, phone number, search history, browsing history, user ID, product interaction, advertising data, and other usage data. Foot Locker also uses 15 types of data for its own promotional purposes.

The contrast becomes particularly striking when compared to Dick's Sporting Goods, which acquired Foot Locker recently. Dick's has an invasiveness score of just 3 out of 100, collecting no data for cross-app tracking and sharing no information with third-party advertisers. Despite both apps being owned by the same parent company and offering similar athletic retail functionality, Foot Locker's data collection is approximately 33 times more invasive than Dick's.

The Popularity Paradox

One of the study's most striking findings is the inverse relationship between app popularity and invasiveness. Temu, the #2 most popular shopping app, scores just 2 out of 100, collecting no cross-app tracking data and only using minimal data for its own marketing. Shop by Shopify ranks #3 in popularity with a score of 0 out of 100.

Meanwhile, Foot Locker ranks #85 in popularity despite the highest invasiveness score. Nordstrom Rack (#72) and AE + Aerie (#66) also sit outside the top 50 most-downloaded apps, suggesting that aggressive data collection may be a competitive disadvantage as consumer privacy awareness grows.

The study identified 30 apps with an invasiveness score smaller than 10, proving that minimal data collection can coexist with popular features like personalized recommendations, saved payment methods, and order tracking.

What Data Gets Shared

Twenty-four apps share detailed purchase history with third-party advertisers, revealing not just browsing intent but actual purchasing behavior. Popular apps sharing purchase history include Depop, eBay, Mercari, Macy's, Etsy, and others.

Nineteen apps share email addresses with third-party advertisers, including lululemon, Etsy, Alibaba.com, Target, and adidas. Ten apps share physical addresses with advertisers: Foot Locker, AE + Aerie, Nordstrom, Kohl's, and Target among them.

One app, AE + Aerie, shares user photos with advertisers, making it the only app in the study to share this particularly sensitive data type with external parties.

Twenty-nine apps use location data for their own marketing, including Whatnot, Best Buy, Sam's Club, and Old Navy. Eight apps share location with external advertisers - Walgreens, Groupon, and Cars.com among others.

Cross-Platform Tracking

Nine apps actively track browsing history across other websites and apps, including Costco, eBay, and Walgreens. Seventeen apps track search history, including Depop, H&M, Gymshark, and Chewy.

This cross-platform tracking allows apps to build detailed profiles of users' interests far beyond what they do within the shopping app itself. Apps collecting browsing history often combine this with other tracking to create comprehensive user profiles.

Foot Locker collects browsing history, search history, physical address, purchase history, and usage data, then shares much of this with third-party advertisers.

Complete Rankings: All 100 Apps

App Name	Tracking Data	3rd Party Data	1st Party Data	Score
Foot Locker	9	13	15	100
Nordstrom Rack	8	13	22	96
AE + Aerie	9	11	19	95
Kohl's	6	17	18	95
Nordstrom	7	13	23	90
Ace Hardware	9	8	17	85
Depop	10	7	7	85
Walgreens	8	8	8	76
eBay	5	10	12	65
Cars.com	5	10	10	65
Mercari	6	8	6	63
ALO	7	5	8	61
OfferUp	5	8	8	58
Ibotta	5	7	13	56
ALDI USA	4	9	10	55
Macy's	3	9	14	51
Etsy	4	8	2	50
Target	3	8	12	47
Bath & Body Works	4	6	11	47
Kroger	3	7	13	44
adidas	6	1	11	43
Sephora US	4	5	11	43
StockX	4	5	7	42
PetSmart	3	6	11	40
Victoria's Secret PINK Apparel	4	3	13	38
Victoria's Secret	4	3	12	38
Ulta Beauty	6	0	0	37
Gymshark	5	1	7	36
CarGurus	2	6	16	36
Chewy	5	0	13	35
GOAT	5	0	9	34
H&M	5	0	2	31
Alibaba	3	3	11	31
Harbor Freight Tools	5	0	0	31
Groupon	1	7	8	30
Walmart	3	3	4	29
Nike	2	4	12	28
Klarna	2	4	11	28
Quince	4	0	10	28
Poshmark	4	0	10	28
Fabletics	4	0	7	27
Fashion Nova	3	2	0	25
Bed Bath & Beyond	3	1	9	24
Aritzia	3	0	14	23
CARFAX	3	1	2	22
Official Pandora KR	3	0	6	20
T.J.Maxx	3	0	3	19
Whatnot	2	1	13	19
Sezzle	3	0	2	19
Capital One Shopping	2	1	10	19
Ralph Lauren	2	1	3	16
Safeway Deals & Delivery	1	3	2	16
Wayfare	2	0	10	15
Afterpay	2	0	10	15
lululemon	0	4	9	15
Affirm	2	0	8	15
UNIQLO	1	2	7	15
Sam's Club	1	1	14	14
Phia	2	0	3	13
Gap	1	1	12	13
Aeropostale	2	0	1	13
Athleta	1	1	11	13
Old Navy	1	1	11	13
IKEA	1	1	7	11
SKIMS	1	0	15	11
Vinted	1	1	4	11
Babylist Baby Registry	1	0	12	10
Costco	1	1	2	10
Crocs	1	1	1	10
Amazon	0	2	11	10
Abercrombie & Fitch	1	0	10	9
DHgate	1	1	0	9
Hollister	1	0	10	9
The Home Depot	1	0	10	9
Nespresso Store	1	0	8	9
Taobao	1	0	6	8
Publix	1	0	6	8
Carvana	1	0	5	8
Zara	1	0	5	8
Fetch	1	0	3	7
SHEIN	1	0	3	7
Michaels Store	1	0	2	7
BJs Wholesale Club	1	0	1	7
Carter's	1	0	0	6
Circle K	1	0	0	6
Dollar General	1	0	0	6
KashKick	1	0	0	6
AliExpress	1	0	0	6
Zip	0	0	11	3
Rakuten	0	0	11	3
Dick's Sporting Goods	0	0	9	3
Lowe's	0	0	6	2
Best Buy	0	0	6	2
Temu	0	0	5	2
LTK	0	0	4	1
Shop	0	0	1	0
craigslist	0	0	0	0
Hobby Lobby	0	0	0	0
Elfster	0	0	0	0
Four	0	0	0	0

The Least Invasive Apps

Several major shopping platforms prioritize user privacy, demonstrating that robust e-commerce functionality doesn't require invasive data collection:

Four (0/100)
Elfster (0/100)
Hobby Lobby (0/100)
craigslist (0/100)
Shop (by Shopify) (0/100)
LTK (1/100)
Temu (2/100)
Best Buy (2/100)
Lowe's (2/100)
Dick's Sporting Goods (3/100)

These apps demonstrate that privacy-respecting practices and popular features can coexist. Shop by Shopify is the #3 most popular shopping app in America, with an invasiveness score of zero.

Methodology

Tenscope analyzed the privacy policies of the 100 most popular shopping apps in the United States as listed in the Apple App Store in November 2025.

For each app, researchers extracted information about three categories based on Apple's standardized privacy labels, which developers are required to self-report when submitting apps to the App Store:

Tracking Data: Information collected to track users across other companies' apps and websites
Third-Party Data: Data shared with external advertising networks (as defined by Apple: "displaying third-party ads in your app, or sharing data with entities who display third-party ads")
First-Party Data: Data used by the app developer for its own marketing

Each data point was counted and weighted. These weights reflect the relative invasiveness of each practice, with cross-app tracking representing the most serious privacy violation.

Weighted scores were combined and normalized to create a final score ranging from 0 to 100, where 0 represents minimal data collection and 100 represents maximum invasiveness.

All privacy policy data was collected from each app's official App Store listing in November 2025. The complete dataset with detailed breakdowns for all 100 apps is available for review in our public data sheet here.

Public Use

The data and images presented in this study can be used freely for both commercial and non-commercial purposes. We only ask that you credit the author of the research (Tenscope) with a link to this page.

Product design

SaaS UI/UX design agency for fast-moving startups

Book a Demo