Social media apps that aggressively harvest user data
Both domestic and foreign technology companies collect vast amounts of Americans’ personal data through mobile applications, according to Incogni.
Some apps leverage data for marketing and advertising purposes, feeding algorithms to calculate optimal prices based on consumer behavior, often leading to unwanted spending. Other apps share user data with unnamed third parties, increasing the risk of breaches with every additional recipient.
Additionally, there is the threat of government appropriation of this data.
Recently, foreign-owned apps have presented new challenges. These applications are data-hungry, like their domestic counterparts, but often follow different data governance models that may not align with Western privacy expectations.
Even privacy specialists who read terms of service and privacy policies may not understand the scale of data collection, the types of data involved, or how this data is shared with other entities abroad.
Data collection and sharing
To better understand these practices, researchers at Incogni examined the most popular foreign-owned apps downloaded in the US between August 2024 and 2025. They found that 6 out of 10 popular foreign-owned apps in the US originate from China. These include TikTok, Temu, Alibaba, Shein, CapCut, and AliExpress.
Chinese apps were among the most data-intensive, collecting an average of 18 types of data from each user and sharing 6.
TikTok tops the list for data appetite. It collects 24 distinct data types and shares 6 categories with third parties, including user names, street addresses, and phone numbers.
Alibaba, the Chinese B2B commerce app, ranks second in scope. It collects 20 data categories and shares 6 with external parties. The app can access user generated content such as files, documents, videos, and photos, along with common identifiers like phone numbers, home addresses, and full names.
Temu has a narrower sharing profile, but still gathers a lot of information from Americans. It collects 18 data types and shares 1 with third parties. The data set includes approximate location, the list of installed apps, and user generated content.
Shein shows the most aggressive sharing pattern. It shares 12 of the 17 data types it collects with external entities, the highest share to collect ratio among the apps reviewed. Shared data includes phone numbers, names, and photos to undisclosed third parties.
Data collected for advertising and marketing purposes
Shein, AliExpress, and Alibaba all collect email addresses and mark them for advertising use. Those addresses are then shared with third-party marketers, which helps explain why users often see a surge in spam from sources they never knowingly signed up for.
Location data adds another layer of concern. Temu, AliExpress, and ABPV all share approximate location with third parties for advertising. ABPV goes further by sharing precise location data. In addition, Shein, Alibaba, and AliExpress share user names for advertising purposes, giving external parties a direct identifier to pair with other data.
“Many of these apps are quietly collecting and sharing personal information like names, addresses, and approximate locations, leaving users extremely vulnerable to third-party breaches,” said Darius Belejevas, Head of Incogni.