A recent data leak involving Duolingo has drawn attention to data collection practices in language learning apps. Cybersecurity company Surfshark conducted an investigation into these practices, listing 32 potential data points that such apps may collect.
Duolingo, with over 500 million registered users, was found to collect 19 data points, including names, email addresses, and phone numbers. While the volume of data collected is significant, researchers were more concerned about how this data was managed.
The study revealed that many language apps use collected data for tracking users, often sharing it with third-party advertisers or data brokers. Nine out of ten analyzed apps employed collected data for tracking purposes, with an average of three data points used in this manner. Duolingo stood out as the leader in this category, using two-thirds of collected user data (13 out of 19 data points) for tracking, which is four times the average among the analyzed apps.
Among the apps examined, Busuu ranked second in terms of data collection intensity, with over 100,000 registered users. However, some apps took a more privacy-oriented approach, such as EWA, which collected only five out of 32 data points.
HelloTalk, despite its conservative data collection, was found to track users’ precise locations, a feature not present in the other analyzed apps. It’s important to note that Duolingo clarified that it does not sell data to third parties, addressing a previous version of the article that claimed otherwise. Further inquiries are being made to understand why Duolingo collects such a substantial amount of data.
