Do Our Budgeting Apps Know Too Much About Us?

Can you really trust Mint and You Need a Budget?

It’s never been easier to keep track of your money.

Instead of balancing out your budget by hand, like I did for approximately a month when I got my first checkbook at age 16, smartphone apps can aggregate all your spending into one place, telling you whether you’re on track or you’re in the red.

They do this by directly connecting to all of your accounts: checking, savings, credit cards, even student loans. And they typically provide this service for free.

You might download most of your apps without thinking too much about them. But there might be reason to be more thoughtful about the budgeting apps you download and use.

For one thing: The information you’re giving away on financial apps is much more sensitive.

Should you be worried?

When you use most budgeting apps, you’re giving the app your bank account credentials. According to one survey, most Americans aren’t aware of that.

If an app can monitor your bank account, that means it knows everything you’re buying and how much money you spend each month. It might have location services tracking where you are.

Then there’s the “free” part of the equation. Ever heard the phrase “If you don’t pay for something, you’re the product”?

“That’s still true,” said Mike Johnson, senior fellow and Honeywell/James J. Renier Chair at the University of Minnesota’s Technological Leadership Institute.

“Meaning that your data is valuable to the app provider. You have to think about, what’s their business model?”

Johnson says there are three kinds of apps:

There are paid apps, which collect monthly user fees to make money. There are free apps, which sell access to your data to advertisers.

Data is stolen from man using smartphone or iPad. REWIRE PBS Work Budgeting AppsCredit: Adobe
Do you know who can read your private information?

And then there’s a hybrid, more common with sensitive information: a referral fee model, where a free app makes money if you accept offers from their advertisers.

Many financial apps fall into this third category. For instance, Mint, the wildly popular budgeting app with more than 20 million users, is free to use. It makes money from things like credit card offers.

The app explicitly states that it won’t sell your personal information to third parties for marketing purposes.

But it will aggregate and sell consumer data on a pooled, anonymous basis. Which means your data might be used to inform Mint and third parties about what 18- to 36-year-olds buy, for instance. Your name and identity just won’t be attached to it.

Reputation, reputation, reputation

The reality of the internet means it’s sort of hard to have complete data privacy. Any app that you use is going to be collecting and giving away your information.

So unless you want to live in a cave and completely abstain from the internet, it’s up to you to decide which apps you can trust with that info — and which you can’t.

So how do you figure that out?

You can start by looking at the reputation of the developer, the company that made the app.

“The reputation of the owner and developer is always important,” Johnson said. “But it’s of the utmost importance when it comes to your financial services and your bank account.”

The more reputable the company, the better the security behind the app. The less well-known, the more risky.

It’s not always the case — for instance, even Facebook has been criticized for data privacy scandals in the past few years. But, in general, a startup won’t have the same protections that a more established company might.

For most of Mint’s life, it’s been owned by Intuit — the company that produces software like Quicken and TurboTax.

That Intuit owns the app — the company I trust with my tax information every year — made me feel comfortable downloading it in the first place.

Do your homework

Johnson cautions that just because you trust a company with one type of data doesn’t mean they’re safe for another. Now, with that one company having your bank account info and your tax info, it has a pretty clear picture of you.

“In Turbo Tax, you’re putting in a lot of data. But you’re not telling Turbo Tax that you bought some embarrassing medical product,” he said. “Whereas if it’s in your bank account it might not say hemorrhoid cream, but it’s something you might be able to figure out.”

Even more trustworthy than your tax company might be a budgeting app owned by your bank. Johnson predicts we’ll see more of these as budgeting apps continue to increase in popularity.

For one thing, your bank will already have this information about you, so you’re spreading it to fewer parties.

And even though banks experience data breaches like any other company, they’re regulated more strictly than your standard tech company. (There’s a reason every tech company wants to look like a bank, but not actually be a bank.)

That makes all the difference.

“There’s laws requiring security, there’s laws requiring explicit statements of what the data is used for,” Johnson said of bank regulations. “There’s serious reputation impact.”

Past simple reputation, it’s also important that you check out the privacy policy of the financial app you plan to download.

App privacy statements are notoriously long and daunting; studies have shown it could take anywhere from 30 hours to 200 hours to actually read them all.

This might be worth prioritizing. If you’re short on time, you can do a little ctrl-F and search the statement for words like “share data to third parties,” since they’ll have to explicitly state it if that’s what they’re doing.

Clean up

This isn’t exactly a one-and-done process. Over time, apps will change their privacy terms. You should probably reread them when that happens.

Just as it’s important to select your apps with care, it’s also a good idea to delete any apps you’re not using.

That’s especially true with budgeting apps.

If you downloaded Mint at the start of last year thinking you were gonna start budgeting, and have only used it once since, you might want to delete the app from your phone.

That’s because the app on your phone grants certain permissions for the company. They can be collecting data on you as long as it’s there.

The more apps on your phone, the more at risk you are for attacks from hackers, Johnson said.

Keep informed on any data breaches. And if there’s a privacy policy change that’s problematic, someone on the internet is probably going to be mad about it.

The more tuned in you are, the safer your information will be.

Gretchen Brown

Gretchen is an editor for Rewire. She’s into public media, music and really good coffee. Email her at [email protected], or follow her on Twitter @gretch_brown.