A new review of data practices across the most downloaded shopping apps in the United States shows how sharply companies differ in the way they handle user information. Tenscope examined the top one hundred shopping apps on the Apple App Store in November 2025 and scored each one on how much data it collects, shares with advertisers, or uses for its own promotions. The result is a ranking that places some major brands at the very top of the invasiveness scale while others collect almost nothing.
Foot Locker leads the list with a score of one hundred. It gathers nine types of information for cross platform tracking and sends thirteen categories of user data to advertising partners. It also uses fifteen types of data for its own marketing. The gap becomes clear when Foot Locker is compared with Dick’s Sporting Goods. Both operate under the same parent company, yet Dick’s scores only three and collects nothing for tracking across outside apps or sites.
The study shows that popularity does not predict how aggressively an app collects information. Temu is the second most popular shopping app in the country and has a score of two. Shop by Shopify is the third most popular and has a score of zero. These two apps collect only limited data and avoid the tracking practices seen in many higher scoring apps. Meanwhile Foot Locker ranks eighty five in popularity despite the highest score in the review. Nordstrom Rack and AE + Aerie also sit outside the top fifty while holding scores well into the nineties. Tenscope points to a growing trend where heavy data collection may push users away rather than strengthen engagement.
The analysis highlights how often user information is shared with outside advertisers. Twenty four apps share purchase history. This includes Depop, eBay, Macy’s, Mercari, and Etsy. Nineteen apps share email addresses with advertising networks. Ten share physical addresses. Only one app sends user photos to advertisers and that is AE + Aerie. Tenscope also found that twenty nine apps use location data for their own marketing and eight share location with external partners.
Cross platform tracking continues to play a major role in how apps build user profiles. Nine apps collect browsing history across outside websites and apps. Seventeen collect search history. These practices expand each app’s view far beyond what happens within its own interface. Foot Locker stands out again. The app collects browsing history, search details, address information, purchase activity, and usage data, then pushes much of this to advertisers.
Some of the lowest scoring apps show that a full shopping experience does not require invasive behavior. Four, Elfster, Hobby Lobby, Craigslist, and Shop by Shopify score zero. LTK follows with one. Temu, Best Buy, and Lowe’s sit at two. Dick’s Sporting Goods holds a score of three. These results show that many brands are able to run core features without building extensive data profiles.
Full list:
Tenscope based its scoring on Apple’s privacy labels. These disclosures require developers to report the types of data they collect and how that data is used. Each data point was weighted based on how intrusive the practice is. Cross platform tracking carried the highest weight. Scores were then normalized to produce final results on a scale from zero to one hundred. All data reflects disclosures made in November 2025.
Key Questions Raised by the Findings:
The report also prompted DIW to reach out for expert context. Jovan, the co-founder of Tenscope, shared additional insight on how these findings fit into the wider privacy landscape.
One focuses on how a high invasiveness score may influence customer loyalty, install rates, or the general trust people place in a brand. Another asks why some companies continue to rely on heavy data collection even when most users show a clear preference for apps that gather less information. In response, Jovan explained that: "The core problem is consumer awareness: most people know apps collect data, but few understand the true scope. This lack of awareness is the same reason why companies follow these practices - they don't have to change since they are not receiving pushback from the customers. That was one of the reasons we did this study - to shed light on all the unnecessary (and invasive) data that shopping apps collect in the peak shopping season."
DIW also asked about the study’s limits, noting that an app can look less invasive in this ranking because of how data is reported while still collecting information through channels not reflected here. For example, the picture may also change on Android or other platforms, which creates possible blind spots. In response, Jovan explained that "The primary limitation of this study is that it only examines apps found on the App Store, and Apple's privacy standards are much higher than Google's or those of other platforms. This means the same app could potentially collect significantly more data on the Google Play Store."
Lastly, DIW also asked how companies should prepare for upcoming changes in privacy rules and rising user expectations in the year ahead. And the cofounder explained that, "The data economy has grown faster than the older laws anticipated (new technologies often advance more quickly than safeguards, e.g. AI), so regulators are taking a more active role. If changes are coming anyway, it makes sense for companies to get ahead of these and use this as a marketing advantage, for example, by positioning themselves as “data responsible”. For consumers, the best defense is to be vigilant. Check app permissions, turn off anything you don’t need (especially location), and in general go for brands which are transparent about their data practices."
Notes: This post was drafted with the assistance of AI tools and reviewed, edited, and published by humans.
Read next: U.S. Creator Economy Spending Expected to Hit 37 Billion Dollars in 2025 as Growth Outpaces Media Industry
Foot Locker leads the list with a score of one hundred. It gathers nine types of information for cross platform tracking and sends thirteen categories of user data to advertising partners. It also uses fifteen types of data for its own marketing. The gap becomes clear when Foot Locker is compared with Dick’s Sporting Goods. Both operate under the same parent company, yet Dick’s scores only three and collects nothing for tracking across outside apps or sites.
The study shows that popularity does not predict how aggressively an app collects information. Temu is the second most popular shopping app in the country and has a score of two. Shop by Shopify is the third most popular and has a score of zero. These two apps collect only limited data and avoid the tracking practices seen in many higher scoring apps. Meanwhile Foot Locker ranks eighty five in popularity despite the highest score in the review. Nordstrom Rack and AE + Aerie also sit outside the top fifty while holding scores well into the nineties. Tenscope points to a growing trend where heavy data collection may push users away rather than strengthen engagement.
The analysis highlights how often user information is shared with outside advertisers. Twenty four apps share purchase history. This includes Depop, eBay, Macy’s, Mercari, and Etsy. Nineteen apps share email addresses with advertising networks. Ten share physical addresses. Only one app sends user photos to advertisers and that is AE + Aerie. Tenscope also found that twenty nine apps use location data for their own marketing and eight share location with external partners.
Cross platform tracking continues to play a major role in how apps build user profiles. Nine apps collect browsing history across outside websites and apps. Seventeen collect search history. These practices expand each app’s view far beyond what happens within its own interface. Foot Locker stands out again. The app collects browsing history, search details, address information, purchase activity, and usage data, then pushes much of this to advertisers.
Some of the lowest scoring apps show that a full shopping experience does not require invasive behavior. Four, Elfster, Hobby Lobby, Craigslist, and Shop by Shopify score zero. LTK follows with one. Temu, Best Buy, and Lowe’s sit at two. Dick’s Sporting Goods holds a score of three. These results show that many brands are able to run core features without building extensive data profiles.
Full list:
| App Name | Tracking Data | 3rd Party Data | 1st Party Data | Score |
|---|---|---|---|---|
| Foot Locker | 9 | 13 | 15 | 100 |
| Nordstrom Rack | 8 | 13 | 22 | 96 |
| AE + Aerie | 9 | 11 | 19 | 95 |
| Kohl's | 6 | 17 | 18 | 95 |
| Nordstrom | 7 | 13 | 23 | 90 |
| Ace Hardware | 9 | 8 | 17 | 85 |
| Depop | 10 | 7 | 7 | 85 |
| Walgreens | 8 | 8 | 8 | 76 |
| eBay | 5 | 10 | 12 | 65 |
| Cars.com | 5 | 10 | 10 | 65 |
| Mercari | 6 | 8 | 6 | 63 |
| ALO | 7 | 5 | 8 | 61 |
| OfferUp | 5 | 8 | 8 | 58 |
| Ibotta | 5 | 7 | 13 | 56 |
| ALDI USA | 4 | 9 | 10 | 55 |
| Macy's | 3 | 9 | 14 | 51 |
| Etsy | 4 | 8 | 2 | 50 |
| Target | 3 | 8 | 12 | 47 |
| Bath & Body Works | 4 | 6 | 11 | 47 |
| Kroger | 3 | 7 | 13 | 44 |
| adidas | 6 | 1 | 11 | 43 |
| Sephora US | 4 | 5 | 11 | 43 |
| StockX | 4 | 5 | 7 | 42 |
| PetSmart | 3 | 6 | 11 | 40 |
| Victoria's Secret PINK Apparel | 4 | 3 | 13 | 38 |
| Victoria's Secret | 4 | 3 | 12 | 38 |
| Ulta Beauty | 6 | 0 | 0 | 37 |
| Gymshark | 5 | 1 | 7 | 36 |
| CarGurus | 2 | 6 | 16 | 36 |
| Chewy | 5 | 0 | 13 | 35 |
| GOAT | 5 | 0 | 9 | 34 |
| H&M | 5 | 0 | 2 | 31 |
| Alibaba | 3 | 3 | 11 | 31 |
| Harbor Freight Tools | 5 | 0 | 0 | 31 |
| Groupon | 1 | 7 | 8 | 30 |
| Walmart | 3 | 3 | 4 | 29 |
| Nike | 2 | 4 | 12 | 28 |
| Klarna | 2 | 4 | 11 | 28 |
| Quince | 4 | 0 | 10 | 28 |
| Poshmark | 4 | 0 | 10 | 28 |
| Fabletics | 4 | 0 | 7 | 27 |
| Fashion Nova | 3 | 2 | 0 | 25 |
| Bed Bath & Beyond | 3 | 1 | 9 | 24 |
| Aritzia | 3 | 0 | 14 | 23 |
| CARFAX | 3 | 1 | 2 | 22 |
| Official Pandora KR | 3 | 0 | 6 | 20 |
| T.J.Maxx | 3 | 0 | 3 | 19 |
| Whatnot | 2 | 1 | 13 | 19 |
| Sezzle | 3 | 0 | 2 | 19 |
| Capital One Shopping | 2 | 1 | 10 | 19 |
| Ralph Lauren | 2 | 1 | 3 | 16 |
| Safeway Deals & Delivery | 1 | 3 | 2 | 16 |
| Wayfare | 2 | 0 | 10 | 15 |
| Afterpay | 2 | 0 | 10 | 15 |
| lululemon | 0 | 4 | 9 | 15 |
| Affirm | 2 | 0 | 8 | 15 |
| UNIQLO | 1 | 2 | 7 | 15 |
| Sam's Club | 1 | 1 | 14 | 14 |
| Phia | 2 | 0 | 3 | 13 |
| Gap | 1 | 1 | 12 | 13 |
| Aeropostale | 2 | 0 | 1 | 13 |
| Athleta | 1 | 1 | 11 | 13 |
| Old Navy | 1 | 1 | 11 | 13 |
| IKEA | 1 | 1 | 7 | 11 |
| SKIMS | 1 | 0 | 15 | 11 |
| Vinted | 1 | 1 | 4 | 11 |
| Babylist Baby Registry | 1 | 0 | 12 | 10 |
| Costco | 1 | 1 | 2 | 10 |
| Crocs | 1 | 1 | 1 | 10 |
| Amazon | 0 | 2 | 11 | 10 |
| Abercrombie & Fitch | 1 | 0 | 10 | 9 |
| DHgate | 1 | 1 | 0 | 9 |
| Hollister | 1 | 0 | 10 | 9 |
| The Home Depot | 1 | 0 | 10 | 9 |
| Nespresso Store | 1 | 0 | 8 | 9 |
| Taobao | 1 | 0 | 6 | 8 |
| Publix | 1 | 0 | 6 | 8 |
| Carvana | 1 | 0 | 5 | 8 |
| Zara | 1 | 0 | 5 | 8 |
| Fetch | 1 | 0 | 3 | 7 |
| SHEIN | 1 | 0 | 3 | 7 |
| Michaels Store | 1 | 0 | 2 | 7 |
| BJs Wholesale Club | 1 | 0 | 1 | 7 |
| Carter's | 1 | 0 | 0 | 6 |
| Circle K | 1 | 0 | 0 | 6 |
| Dollar General | 1 | 0 | 0 | 6 |
| KashKick | 1 | 0 | 0 | 6 |
| AliExpress | 1 | 0 | 0 | 6 |
| Zip | 0 | 0 | 11 | 3 |
| Rakuten | 0 | 0 | 11 | 3 |
| Dick's Sporting Goods | 0 | 0 | 9 | 3 |
| Lowe's | 0 | 0 | 6 | 2 |
| Best Buy | 0 | 0 | 6 | 2 |
| Temu | 0 | 0 | 5 | 2 |
| LTK | 0 | 0 | 4 | 1 |
| Shop | 0 | 0 | 1 | 0 |
| craigslist | 0 | 0 | 0 | 0 |
| Hobby Lobby | 0 | 0 | 0 | 0 |
| Elfster | 0 | 0 | 0 | 0 |
| Four | 0 | 0 | 0 | 0 |
Tenscope based its scoring on Apple’s privacy labels. These disclosures require developers to report the types of data they collect and how that data is used. Each data point was weighted based on how intrusive the practice is. Cross platform tracking carried the highest weight. Scores were then normalized to produce final results on a scale from zero to one hundred. All data reflects disclosures made in November 2025.
Key Questions Raised by the Findings:
The report also prompted DIW to reach out for expert context. Jovan, the co-founder of Tenscope, shared additional insight on how these findings fit into the wider privacy landscape.
One focuses on how a high invasiveness score may influence customer loyalty, install rates, or the general trust people place in a brand. Another asks why some companies continue to rely on heavy data collection even when most users show a clear preference for apps that gather less information. In response, Jovan explained that: "The core problem is consumer awareness: most people know apps collect data, but few understand the true scope. This lack of awareness is the same reason why companies follow these practices - they don't have to change since they are not receiving pushback from the customers. That was one of the reasons we did this study - to shed light on all the unnecessary (and invasive) data that shopping apps collect in the peak shopping season."
DIW also asked about the study’s limits, noting that an app can look less invasive in this ranking because of how data is reported while still collecting information through channels not reflected here. For example, the picture may also change on Android or other platforms, which creates possible blind spots. In response, Jovan explained that "The primary limitation of this study is that it only examines apps found on the App Store, and Apple's privacy standards are much higher than Google's or those of other platforms. This means the same app could potentially collect significantly more data on the Google Play Store."
Lastly, DIW also asked how companies should prepare for upcoming changes in privacy rules and rising user expectations in the year ahead. And the cofounder explained that, "The data economy has grown faster than the older laws anticipated (new technologies often advance more quickly than safeguards, e.g. AI), so regulators are taking a more active role. If changes are coming anyway, it makes sense for companies to get ahead of these and use this as a marketing advantage, for example, by positioning themselves as “data responsible”. For consumers, the best defense is to be vigilant. Check app permissions, turn off anything you don’t need (especially location), and in general go for brands which are transparent about their data practices."
Notes: This post was drafted with the assistance of AI tools and reviewed, edited, and published by humans.
Read next: U.S. Creator Economy Spending Expected to Hit 37 Billion Dollars in 2025 as Growth Outpaces Media Industry
