What’s the single most important thing you can do to keep crooks from getting your personal information?”

The most important thing you can do is to stop clicking links in emails and texts. Most scams succeed because they trick us into clicking something that looks urgent and giving away our passwords and credit card numbers. If you go directly to websites and apps to check instead of clicking on the link in the email or text, you shut down the biggest way crooks steal personal information.

You downloaded a flashlight app. A game. A weather widget. Something useful, free and completely harmless-looking.

But “free app” and “surveillance tool with a useful feature stapled on top” are often the same thing. The app works. It also happens to be reporting your location, your contacts and your browsing habits to companies you’ve never heard of.

The scariest thing isn’t hiding under your bed. It’s on your phone.

📍 Delete these first

1. Third-party flashlight apps. The FTC went after one popular flashlight app after it quietly sent users’ precise GPS coordinates to advertisers. Your phone has a built-in flashlight. 

2. Free QR scanner apps. Your phone’s camera scans QR codes. Many third-party apps exist for one reason: ads and data collection. You don’t need them.

3. Third-party weather apps. The Weather Channel app settled a lawsuit over selling location data to advertisers. Your phone’s built-in weather app works fine.

4. Free VPN apps. You download a VPN to protect your privacy, and it turns around and sells your browsing history. Pay for ExpressVPN.*

5. AI photo apps. That fun app that makes you look younger asked for full access to your camera roll. And in some cases, your facial biometric data.

🔓 The ones you forgot about

6. Life360. Sold to parents as a family safety app. Sold to data brokers as a precise location feed, including your kids’ locations. Go to Settings > Privacy & Security > Location Services > Life360 and set it to While Using. 

7. Truecaller. Truecaller builds its database by uploading the entire contact list of every person who installs the app. If your friend has it, your name and number are in the database.

8. Words With Friends. A breach exposed data of over 200 million accounts. Names, emails, login credentials, phone numbers. If you play, use a throwaway email.

9. Flo Health. The popular fertility app settled with the FTC after sharing users’ reproductive health data with Facebook and Google. Deeply private information. Go to Settings > Privacy Mode inside the app and enable Anonymous Mode. Or switch to Apple Health’s on-device tracking, which never leaves your phone.

10. Facebook. If you granted “Always” location access, Facebook tracks your movements even when the app is closed. Go to Settings > Privacy & Security > Location Services > Facebook and change it to While Using or Never. I’ll wait.

11. TikTok. Researchers caught TikTok reading iPhone users’ clipboard data every few seconds. That means passwords, banking confirmations, medical notes. Anything you copied, TikTok potentially saw. The company says it fixed it. Check anyway: Settings > Privacy > Clipboard on your iPhone to see which apps have recently accessed it.

12. DoorDash. A breach hit nearly 5 million customers, drivers and merchants. Driver’s license numbers, bank account info, all of it. Go to Settings > Account > Privacy in the app and kill every marketing permission. You ordered a burrito. Not a data relationship.

13. Any app you haven’t opened in 30 days. Open your phone and scroll. Count the ones collecting dust. Those are your starting point. Delete them. If you genuinely miss one, re-download it. You won’t miss any of them.