Privacy Please is an ongoing series exploring the ways privacy is violated in the modern world, and what can be done about it.
Mobile payment apps including Venmo, Cash App, and PayPal Mobile Cash have wormed their way into the fabric of our lives. While they offer users real value and convenience, they extract a serious, and often hidden, privacy toll.
Buried deep in their settings are sometimes vague disclaimers and notices warning customers that, once they download and use the apps, their information is no longer solely their own. When it comes to financial data — which has the potential to reveal people’s religious beliefs, sexual orientation, medical history, political persuasion, friends, and location — that’s a huge problem.
And when it comes to mobile payment apps, there’s only so much users can do about it.
What Venmo shares, and how to lock it down
What began as a cute story about a forgotten wallet has long since morphed into something less adorable.
Venmo, purchased (as part of Braintree) by PayPal in 2013, is perhaps most notable for its public-by-default transaction history. Unless users actively make a change to their app’s settings, their Venmo payments will be open for the world to see.
Why does that matter? Well, in addition to the oft-cited example of splitting a check with friends at a restaurant, people use Venmo for all kinds of reasons — like buying drugs or donating to aid groups. With Venmo’s public-by-default model, those transactions are both part of the public record and used by Venmo for its own ends.
We asked Venmo why this information is public by default, but a spokesperson did not respond to that question on the record. In 2018, a Venmo spokesperson told CNET that “We make it default because it’s fun to share [information] with friends in the social world.”
The spokesperson did, however, emphasize that users can tweak their app’s settings to undo the default sharing.
“Customers have the ability to determine their own privacy settings in the app, including making transactions and friends lists private as well as controlling their visibility on their friends’ friends lists,” explained the spokesperson over email. “We’re consistently evolving and strengthening the privacy measures for all Venmo users to continue to provide a safe, secure place to send and spend money.”
Here’s how you do that. To make your Venmo transaction history private:
-
Open your iOS Venmo app and tap the three horizontal lines in the upper-right corner of the app
-
Scroll down and select “Settings”
-
Tap “Privacy”
-
Under “Default Privacy Settings” select “Private”
-
While you’re there, tap “Past Transactions” and select “Change all to Private”
And while that’s a great first step, you’re not done.
Until May, following a BuzzFeed News report, Venmo made it impossible for users to hide their friends list — potentially revealing who users frequently exchange cash with.
That has now changed. To hide your friends list on the iOS Venmo app:
-
With the most up-to-date version of the app, open Venmo and tap the three horizontal lines in the upper-right corner
-
Scroll down and select “Settings”
-
Tap “Privacy”
-
Select “Friends List”
-
Select “Private”
-
While you’re there, toggle off the option “Appear in other users’ friends lists”
But don’t be fooled by this belated move toward slightly more privacy. According to Gennie Gebhart, who directs the activism team at the Electronic Frontier Foundation, Venmo still has a long way to go.
“Venmo is the worst player here.”
“Venmo is the worst player here,” she explained over email. “Letting users hide their friend lists is a big step in the right direction for Venmo, but it’s only a step.”
Venmo’s structural oversharing is at the heart of what troubles Gebhart.
“We really want to see privacy become the default, not just an option buried deep in the settings,” she continued. “There’s no good reason for transactions, friend lists, or any other information about someone’s financial activity to be public by default.”
In addition to the public feeds and friend lists, there’s a lot of sharing behind the scenes.
According to the company’s privacy policy, which was last updated (as of the time of this writing) June 1 of this year, Venmo asks for access to your “Geolocation Information.” If granted, Venmo says it “may” use that information for “location-specific options, functionality, offers, advertising, search results, or other location-specific content.”
As a blockbuster 2019 New York Times report demonstrated, detailed location information is shockingly revealing and is practically impossible to completely anonymize. Preventing Venmo from accessing your location data, to the extent that you can, is essential to maintaining a shred of financial privacy.
Notably, according to its privacy policy, Venmo does more than simply ask for access to your phone’s location data. The app “identifies with reasonable specificity your location by using, for instance, longitude and latitude coordinates obtained through GPS, Wi-Fi, or cell site triangulation.”
You can prevent some of that data collection on iOS by going to Settings > Privacy > Location Services > Venmo > and selecting “Never.”
Unfortunately, there is no way to prevent the bulk of the data collection done by Venmo and still use the app. As such, if you’re truly worried about handing over the keys to your financial filing cabinet to the company, you’re better off deleting the app entirely — or at least being exceptionally intentional about which transactions you conduct on the platform.
Venmo-ing someone $20 to cut your lawn is a lot different than sending $60 to your local drug dealer, after all. And trust us, Venmo knows the difference, too.
What Cash App shares, and how to lock it down
Debuted in 2013 as a way to send money via email, Square Cash was initially a bare-bones service that did one thing well. Its current iteration, Cash App, brings a lot more to the table — including the ability to buy bitcoin and stocks. With those added features come added privacy concerns.
That said, unlike Venmo, Cash App doesn’t try to be some kind of money-oriented social network. As a result, it avoids some of the fundamental privacy problems built into Venmo’s DNA. Still, with approximately 36 million monthly users according to app analytics site Business of Apps, Cash App has a wide reach — and as with most apps, that means it collects a lot of user data.
According to Cash App’s privacy policy, the app hoovers up a variety of data. Some of that, like users’ real names and email address, makes intuitive sense — it is a service that facilitates the sending and receiving of money, after all. The justification for collecting other information, like location data, is more of a gray area.
The policy notes that Cash App collects the “location of your device, including your IP address, device language, and location of your network provider,” among other odd details like whether or not iOS users have downloaded the Chrome app.
Cash App also says it creates user profiles “that may reflect, for example, your preferences, characteristics, and behavior, including for account security purposes or to enhance our Services to you.”
What does it do with all this data? Well, a host of stuff. While Cash App emphasizes in its privacy policy that it doesn’t sell your information to third parties, and that it hasn’t done so in the past, the privacy policy makes clear that it “may share (within our group of companies or affiliates, or with service providers or other third parties) aggregated and anonymized information that does not specifically identify you or any individual user of our Services.”
In other words, that means your data might be shared with third parties.
We asked Cash App what information exactly it shares with third parties, what that information is used for, and if there is a way to opt out of that sharing.
In response, a spokesperson pointed us back to Cash App’s privacy policy and noted that some shared information is used to better understand marketing campaigns. The spokesperson did not respond to our question about ways for users to opt out of data sharing.
(California residents have some additional rights thanks to the CCPA.)
So where does that leave a Cash App user looking for more privacy? Well, unfortunately it leaves them wanting. While Cash App, unlike Venmo, doesn’t broadcast your transactions by default to all your contacts, it still collects reams of your data as a matter of course.
Much like with Venmo, the best bet for users concerned about privacy is not to play. Barring that, anyone sending money over Cash App should be extremely thoughtful about what kind of transactions they’re engaging in.
What PayPal shares, and how to lock it down
While PayPal owns Venmo, the online payments company founded in the late 1990s by Elon Musk and Peter Thiel (among others) also has a mobile app that bears its name: PayPal Mobile Cash.
According to the company, PayPal’s general privacy policy “applies to the PayPal, Braintree and Xoom services offered by PayPal.” In other words, it covers all things PayPal. So what user data does the PayPal family of services collect?
For starters, as detailed by the above privacy policy, PayPal may collect both users’ GPS location data and location observed through their IP addresses. This type of stuff matters, because where you’re located when you spend money reveals a lot about you (think about payments you might make at the horse track, or neighborhood bar, or random alleyway at night).
Users can deny apps access to their location data in their phones’ settings, but it’s significantly more cumbersome to prevent an app from using your IP address to figure out where you are.
PayPal’s privacy policy says it can use your data for its own marketing purposes, and that it may share it across other companies that PayPal owns, which include Xoom and Venmo.
Unlike Cash App and Venmo, which are generally thought of as a way to exchange money quickly in person (think splitting restaurant bills) or paying for IRL services like yard work or haircuts, people often associate PayPal with making payments to strangers online. With different use cases come different concerns.
In May, Twitter unveiled its Tip Jar feature, which allows users to easily send money to other users via several payment platforms — including PayPal. The security researcher Rachel Tobac quickly noticed that sending money via PayPal revealed her address to the recipient.
Which, depending on who you’re paying and why you’re paying them, could be no big deal — or it could be a catastrophic privacy disaster.
Huge heads up on PayPal Twitter Tip Jar. If you send a person a tip using PayPal, when the receiver opens up the receipt from the tip you sent, they get your *address*. Just tested to confirm by tipping @yashar on Twitter w/ PayPal and he did in fact get my address I tipped him. https://t.co/R4NvaXRdlZ pic.twitter.com/r8UyJpNCxu
— Rachel Tobac (@RachelTobac) May 6, 2021
This happens because, unless you have a business account, PayPal displays users’ real names along with other information over the course of a transaction. This is not limited to when people use Twitter’s Tip Jar, and is simply a function of the way PayPal personal accounts work (Paypal business accounts function differently).
When it comes down to it, if you’re using Venmo, Cash App, or PayPal, your personal data is being collected and used by those companies. And short of deleting the apps altogether, there’s only a limited amount users can do.
That bothers the EFF’s Gebhart.
“People shouldn’t have to move to a cave and do all their business in cash to enjoy a reasonable standard of privacy,” Gebhart explained over email.
And yes, the cave part may be a bit of overkill. But the cash part? If you’re truly concerned about the privacy of your transaction history, make your default cash as much as possible — at least for the fun stuff.