Statistics released by GOV.UK suggest that the number of small to medium-sized enterprises (SMEs) in the UK has increased by 2 million over the last two decades. There are now an estimated 5.5 million SMEs operating across the country.
Mobile apps are essential for the success of SMEs. Finance-related apps, such as PayPal, QuickBooks, and Wave, facilitate secure transactions with customers. Task management apps, such as Monday and Asana, are fantastic for supporting productivity and organisation. Unfortunately, using apps may jeopardise the privacy of your business, employees, and customers. According to a recent study by Software Advice UK, only 39% of consumers take the time to carefully review privacy policies.
Last December, social media giant Meta agreed to a $725 million privacy settlement, the conclusion to an explosive four-year class action lawsuit. Meta was accused of allowing data analytics firm Cambridge Analytica to access the personal data of millions of users. In this case, data was shared without consent, but many consumers – particularly those who skip privacy statements – unknowingly agree to their data being collected and used when downloading apps.
An app may track a user’s location, personal information, financial information, sensitive information or browsing history. It may also track purchase history, listed contacts and health and fitness data. In some cases, data is tracked exclusively to improve user experience. In other cases, however, personal data is shared with third parties for advertising purposes. Some apps are not sufficiently protected against cyber attacks, which often target data for personal gain, putting consumers at risk.
With this in mind, researchers at SecureTeam have reviewed the privacy policies of over 60 apps designed for use by small businesses, ranking them from most invasive to least invasive.
Applications for small businesses: An overview
Apps for SMEs are broadly separated into five categories: business, finance, productivity, social networking and utilities. The effective use of apps can greatly improve an SME’s productivity, facilitate communication with customers, and help with finance management.
Business and website management
- Google Analytics
- Asana
- Shopify
- Trello
- Sortly
Finance
- PayPal
- Tide
- Expensify
- Wave
- Clover
- Xero Accounting
Productivity
- Google Drive
- Microsoft 365
- Evernote
- OmniFocus
- Weebly
Utilities
- Avast Business
Social Networking
- Hootsuite
Understanding our infographics
The data in our infographic is split into 14 sections. This mirrors the “types of data” section laid out on Apple’s “App Privacy Details on the App Store” page. We have colour-coded each category. A coloured-in segment indicates that a data source is tracked. Grey indicates that the segment is not tracked.
The top five most invasive apps for small businesses: A data breakdown:
Meta Business Suite
Launched in 2020, Meta Business Suite enables SMEs to manage Facebook and Instagram pages associated with their business from one centralised location. WhatsApp accounts may also be added. Meta Business Suite is free to use and is a valuable tool for asset management, service advertisement and business organisation.
Meta Business Suite ranked highest in our list of most invasive apps for small businesses. Unlike the other apps on our list, Meta Business Suite tracks all 32 segments for a variety of purposes. This includes precise location, sensitive information, payment information and credit information.
Zettle Go by PayPal
Zettle, part of the PayPal family, offers a variety of commerce tools, including point-of-sale apps and mobile card readers. The card readers offered by Zettle are great for small businesses and vendors, as they allow them to accept card payments anywhere and at any time. Zettle Go, the app we analysed in this study, enables users to track sales and keep track of stock.
Zettle Go ranked second in our list of the most invasive apps for small businesses, tracking 25 out of 32 segments in total. Zettle Go does not track health or fitness information, sensitive information, contacts, audio data, gameplay content or browsing history.
PayPal
PayPal ranked third in our list of most invasive apps. PayPal allows SMEs to send money, pay online and accept payments, all without using a mobile banking app. With more than 325 million accounts in 200 markets, PayPal is beloved around the world. PayPal is convenient, charges competitively and can be integrated with a number of shopping cart systems, making it a great choice for many SMEs.
PayPal tracked 23/32 segments, two fewer than Zettle Go by PayPal. Unlike Zettle Go, the original PayPal app does not track emails and text messages, crash data, performance data or other diagnostic data. It does, however, track contacts and browsing history, which Zettle Go does not.
Square
Square, a financial services platform, was designed specifically for SMEs. It allows small and medium-sized businesses to accept credit card payments, and enables them to use tablets and phones as payment registers. Launched in 2014, Square is very popular in the SME world.
In total, Square tracks 22 out of 32 segments, two fewer than PayPal. It does not track health or fitness data, sensitive information, emails and text messages, audio data, gameplay content, browsing history, search history, purchase history or advertising data.
QuickBooks Online
Developed by Intuit and initially released as software in 1983, QuickBooks helps SMEs to manage their expenses and cash flow, enabling them to track profits and losses. Users can also create invoices. QuickBooks is free to use and was developed specifically for small to medium-sized businesses.
QuickBooks Online tracks 20 segments, placing fifth in our ranking of the most invasive apps. QuickBooks Online does not track health data, credit information, sensitive information, emails or text messages, audio data, gameplay content, browsing history, search history, purchase history, advertising data, other usage data or other diagnostic data.
The least invasive apps for small businesses: A visualisation
The least invasive apps for small businesses: A data breakdown:
Apps which track just one data segment
Sage Accounting
Category: Business
Type: Accounting
Segment tracked: Product Interaction
Lightspeed
Category: Business
Type: Restaurant management
Segment tracked: User ID
GoToMeeting
Category: Business
Type: Mobile meeting app
Segment tracked: User ID
SaneBox
Category: Productivity
Type: Clears clutter from email inboxes
Segment tracked: Contacts
Which apps collect the most data for marketing purposes?
Some apps collect user data and sell it to third-party advertisers. In the infographic below, we’ve rounded up the worst offenders for data collection for marketing purposes:
How can I protect my SME’s digital privacy?
Develop a privacy policy with the help of a cybersecurity expert
If your business collects customer data, developing a cohesive, comprehensive privacy policy is crucial. This privacy policy should outline what data the company plans to collect, and explain why the data is being collected. It should also detail the security measures implemented for data protection purposes.
Make sure to invest in security software
Research and install relevant anti-malware and antivirus software. This can help to combat phishing attacks, in which hackers attempt to deceive people into revealing personal information or into installing malware onto a device. Firewall software, which prevents unauthorised users from entering a private network, should also be considered.
Use a different password for each account
Use a password manager to generate and remember passwords. Try using LastPass or 1Password. Make sure that passwords are complex and do not contain personal information. Include numbers, symbols and capital letters.
Update apps and software regularly
Make sure to install software and app updates as they become available. Updates often include new security features. Regularly backing up data is also crucial. Turn on automatic settings to back up word processing documents, financial files, human resource files and important databases. Some documents should be printed, but make sure to keep them in accordance with GDPR.
Education is key
Invest in staff training. It is estimated that human error is responsible for around 90% of data breaches. Keep up with news stories and trends in fraud schemes and techniques employed by hackers to breach a business’s security. Keep a record of the training that each employee receives.
Study methodology
We used Apple’s App Store to collect data for this blog post, alongside Apple’s guide to privacy. This can be found at the link below.
https://developer.apple.com/app-store/app-privacy-details/#data-type
We used a variety of online guides to identify applications frequently used by SMEs. We then used Apple’s App Store to identify the types of data tracked by each application, and what it was used for. There are 32 data types in total across 14 categories. We only recorded data that could be linked to the app owner. Data that was tracked for the app’s own gain, such as for third-party advertising, was noted in a separate category to data collected for functionality, personalisation and analytics. We then presented this data across three infographics.