That ‘Free Data’ App Might Be Selling Your Information

The offer: “Download our app and get free mobile data/internet usage/credits …” It sounds great. But many seemingly ‘free’ apps operate on a different business model: they collect and monetise your data.

• Some apps gather location, contacts, usage behaviour, and other metadata.
  
• Others may sell or broker your data either directly or indirectly via ad networks and data brokers.

 In short: you might not pay with money, but you could pay with your privacy.

 What type of data is collected

Apps can collect multiple kinds of data:

Data type	How collected	Why it’s valuable
Location (GPS, WiFi, cell tower)	Via permissions, background tracking	Advertisers/brokers can infer habits, preferences, sensitive visits (churches, clinics)
Device identifiers & usage	IDs, app-interactions, sensors	Link behaviours across apps/devices; build profiles
Personal info & contacts	User-entered data, contacts permission	Targeted offers, influence networks
Inferred behavioural/sensitive attributes	From patterns (e.g., health app collects from you going to therapy)	Data brokers can classify and sell sensitive cohorts

How data becomes revenue

1. The app collects data from users (often under the guise of “free service”).
   
2. That data is transferred to ad networks, data brokers, or aggregated with other datasets.
   
3. Value creation: Marketing firms pay to target users with high-precision segments (you’ve visited X clinic or you are likely to buy Y).
   
4. App owners may benefit by revenue share, or the entire business model is built around data rather than user subscription.

 Why “free data” apps are especially risky

When an app is advertised as “free data” (internet/data credit), the trade-off is often more opaque: you may think you’re gaining mobile connectivity, but the app might be collecting excessive permissions or sharing your info. Because the value proposition is attractive, many users download without scrutinising permissions or privacy policies.

Real-life examples of data-selling apps

Example 1 – Location tracking and ad-brokers

An ACLU attorney noted: location data “can reveal where we sleep at night, where we go during the day, our friends and romantic partners.”
In 2020, app-tracking firm Gravy Analytics (with subsidiary Venntel) was reported to have collected location data from thousands of apps (including games like Candy Crush and dating apps) and sold that aggregated data.
This shows how apps you download for fun might be feeding pipelines of data brokers.

Example 2 – Sensitive data in wellness/mental-health apps

A report from Duke University found that data brokers were selling information that identified individuals by their mental-health diagnoses (depression, anxiety, bipolar)  drawn from apps of many kinds.
That means your health app may be far from private.

Example 3 – General study of data-hungry apps

Analysis by OnDeck found that marketing apps on average collected 16.5 out of 32 segments of personal information; some apps collected 21/32 segments.
Hence the “free data app could be harvesting a wide swath of your personal profile, far beyond what seems obvious.

Risks to privacy & personal safety

• Aggregated location data can reveal sensitive aspects of life (e.g., visits to medical clinics, religious gatherings).
  
• Inferred data could reveal things you never knowingly shared (sexual orientation, health conditions) and may be used to discriminate.
  
• Data-brokered profiles can be sold multiple times and combined with other leaks, increasing identifiability.
  

4.2 Financial and reputational risk

• Targeted ads can lead to higher prices, manipulated choices.
  
• If your data is mis-used (identity theft, targeted phishing) the cost may be high.
  
• Reputation damage if your app usage (e.g., mental-health app) becomes linked back to your identity.

4.3 Regulatory and trust risks

Companies found to improperly sell or share data might face regulatory penalties (e.g., the Federal Trade Commission banning two data brokers from selling sensitive location data).
From a user standpoint, once trust is lost, switching to alternative services becomes expensive or inconvenient.

How to evaluate an app’s data-practices

Checklist for users

Before installing a “free data” app, ask:

• What permissions does this app request? (Location, contacts, background usage)
  
• Is there a clear privacy policy that explains data-sharing with third parties?
  
• Does the business model rely on selling or sharing user data?
  
• Are there options in the settings to turn off data-sharing or reduce permissions?
  
• Does the developer have a good reputation and transparent track record?
  

Comparative data-risk table

Category	What to check	Red flags
Permissions	Does the app ask for access to location, camera, contacts, microphone?	Many permissions for a simple service (e.g., only needs data credit but asks for contacts)
Privacy policy	Is it clear and accessible? Are third-parties named?	Vague wording like “we may share” without specifying who or why
Business model	Is “free” supported by ads or data-monetisation?	“Free data” + no subscription + heavy permissions = likely data trade
User reviews/third-party audits	Are there reports of data misuse, tracking, or shady practices?	Articles/studies listing the app or similar ones for invasive tracking

6. Privacy-protection strategies

Here are expert-level tactics you can use:

• Minimise permissions: Only allow what’s strictly essential; disable background location where possible.
  
• Use trusted VPNs: Especially when using apps that route data; it masks your IP and device identifiers.
  
• Read alternatives: If an app offers “free data”, consider paid alternatives that don’t harvest data.
  
• Check for data-broker links: Search for the app’s developer name + “data broker” or “data sale” to see if they’re part of that chain.
  
• Use device features: On Android/iOS there are “App permissions” dashboards where you can see what an app has accessed.
  
• Regularly audit installed apps: Remove apps you no longer use; backup then uninstall apps that you suspect are heavy data-collectors.
  
• Use “limited data” accounts: If possible, use less-personal accounts to log into free apps (i.e., a separate email).
  
• Stay updated on regulation: Data-protection laws (GDPR, CCPA) are evolving; apps may be forced into better transparency.
  
• Consider paid models: Often, paying a modest fee means you’re not part of the “data product”.

7. FAQs

Q1: If an app is free and says “we will not sell your data”, can I trust it?
A: It’s a positive sign, but you still need to verify permissions, privacy policy and business model. Silence isn’t the same as guarantee.

Q2: Why do so many apps ask for location if that’s not core to their function?
A: Because location is highly valuable: advertisers and data brokers pay a premium for knowing where you go and when. 

Q3: Does deleting the app remove all collected data?
A: Not necessarily. The app may already have sent data to third parties or stored it in profiles. Always check the developer’s data-retention policy.

Q4: Are there apps that pay me for my data instead of selling it?
A: Yes, some apps (e.g., Gener8) let you trade your data for rewards. But these still involve data-sharing, so you need to judge if the trade-off is acceptable.

Q5: What legislation protects me?
A: Laws like the GDPR (EU) and CCPA (California) regulate data collection and sale. However, many apps operate globally and enforcement can be weak in some regions. So you still need personal vigilance.