Popular word guessing game Wordle has sparked a wave of copycat apps that appear to be cashing in on user data.
PrivacyCo, a company that sells data masking VPN services, found that users of the top five Wordle copycat apps can agree to hand over access to their device fingerprint, IP address and more when they sign-up to the terms and conditions that often include a long list of third-party trackers.
The apps in question use up to 17 trackers, PrivacyCo said. There is no suggestion of wrong doing but PrivacyCo said it had undertaken the research to highlight a practice that many users may be unaware of.
The most popular clone app, listed on the App Store under the same name Wordle, has been installed approximately 5.7 million times and offers an unlimited stream of daily guesses, unlike the one guess allowed by the now New York Times’ owned original Wordle.
Simon Migliano, head of research at PrivacyCo, said people should read the privacy policy of any free app before using it. Paying for an app is a safer option because most don’t make money from exploiting data, he said.
“The main issue with these apps is that they are collecting lots of small pieces of information about your phone or device,” Migliano said.
When you compile all the pieces together, they become a digital fingerprint for your device. That allows companies to tell what device you use and what websites you visit.
He added: “Maybe [you’re] a bit worried about a health issue. You Google the symptoms on your phone, to reassure yourself that it’s ok to call a doctor. But that information is getting collected and getting aggregated into a profile about you and all the things that you look at.
“Data brokers will buy these profiles and they will sell them on and this is all legal. It happens all over the world.”
Migliano encourages people to think twice before downloading free apps and running ad blockers when online.