How much data does your favorite messaging app collect? New study shows 90% of messaging apps now include AI that puts privacy at risk

1. Computing
2. Computing Security
3. Cyber Security

How much data does your favorite messaging app collect? New study shows 90% of messaging apps now include AI that puts privacy at risk News By Rene Millman published 6 June 2026

A new study highlights how AI integration and aggressive data tracking are chipping away at our digital privacy, even on encrypted platforms.

When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works.

(Image credit: Shutterstock)

• Copy link
• Facebook
• X
• Whatsapp
• Reddit
• Pinterest
• Flipboard
• Threads
• Email

Share this article 0 Join the conversation Follow us Add us as a preferred source on Google Newsletter Subscribe to our newsletter

• Nine out of the top 10 messaging apps offer end-to-end encryption, but 90% now feature AI tools that could expose your private data.
• Signal ranks as the most private messaging app, utilizing quantum-secure cryptography and collecting only your phone number.
• Meta’s Messenger and LINE rank among the worst offenders for aggressive data harvesting, collecting vast amounts of user information for advertising and tracking.

We trust messaging apps with our most intimate conversations, from sharing passwords with family members to venting about our bosses. However, while we naturally assume our private chats are staying private, a disturbing new analysis reveals that your favorite app could be harvesting your data right under your nose.

A recent study by cybersecurity firm Surfshark took a magnifying glass to the 10 most popular iOS messaging apps of 2025. The researchers looked past basic marketing promises, examining encryption standards, data collection practices, and the creeping introduction of artificial intelligence features.

The good news is that basic security is becoming an industry standard. 9 out of the 10 apps analyzed provide end-to-end encryption (E2EE), meaning nobody, not even the app developer, should be able to intercept and read your messages.

If you combine a secure messaging platform with a reliable VPN to encrypt your wider web traffic and hide your IP address, your daily communications are generally safe from prying eyes.

However, the bad news is that aggressive data collection and poorly implemented AI integrations are quietly undermining these encryption efforts.

You may like

• ExpressVPN uncovers 3.7 million items of leaked AI chatbot data
• iPhone owners urged to change this key privacy setting after FBI recovers suspect’s deleted Signal messages
• Workplace apps gathering far more personal data than we all think

The best (and worst) messaging apps for your privacy

When it comes to treating your data with respect, the messaging market is sharply divided. Surfshark evaluated 35 specific data types listed in the Apple App Store to see exactly what these companies are scooping up.

The best: Signal

(Image credit: Signal)

With an exceptional privacy score of 0.99, Signal easily takes the crown. It avoids user tracking entirely and only collects one piece of data: your phone number.

Alongside Apple’s iMessage, Signal is also one of the only apps to offer quantum-secure cryptography, future-proofing your messages against next-generation cyber threats.

The worst: LINE and Messenger

(Image credit: DenPhotos / Shutterstock)

On the other end of the spectrum, LINE ranks at the absolute bottom with the lowest privacy score. Both LINE and Meta's Messenger are notorious for their data-hungry practices.

While the average messaging app collects 17 data types, Meta's Messenger collects a staggering 32 out of a possible 35 data types.

What to read next

• The end of encrypted DMs? Why Instagram is rolling back its biggest security feature
• '88% Confident 90% Misled': Government & critical infrastructure leaders fundamentally misunderstand the security of the apps they use
• Travelling back from Asia? Surfshark warns against the silent data collection of the most popular local travel apps

Furthermore, 30 of those data types can be exploited for purposes completely unrelated to the app's functionality, such as targeted advertising and product personalization.

The stragglers: Discord and Rakuten Viber

(Image credit: Getty Images)

Discord stands out as the only app in the study that completely fails to provide end-to-end encryption for text-based messages. Along with LINE and Rakuten Viber Messenger, Discord is also one of the few platforms that actively collects data specifically for user tracking.

The growing risk of AI in your private chats

While encryption keeps hackers out, the widespread adoption of AI tools is creating entirely new vulnerabilities. A staggering 90% of the messaging apps analyzed by Surfshark now offer some form of AI integration.

Whether it's a virtual assistant summarizing a long chat or an AI bot translating a message, these features require access to your conversational data. You aren't just talking to a helpful virtual friend; you are feeding data directly back to the service provider.

Highlighting this threat, researchers from New York University and Cornell University warned in the Surfshark report that “AI features are being developed at a rapid pace, raising significant security risks for users of E2EE applications”.

Ultimately, technology can only protect you so far. The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) recently issued warnings about phishing campaigns specifically targeting secure platforms like Signal.

If a hacker tricks you into handing over your login credentials, no amount of quantum-secure encryption will keep your contact lists and private messages safe.

Want to know more? You can read the full Surfshark report here

Today's best Surfshark deals+3 months freeSurfshark 24 Months US$1.99/mthViewat SurfsharkSurfshark 12 Months US$3.19/mthViewat SurfsharkSurfshark 1 Month US$15.45/mthViewat Surfshark Rene MillmanContributing Writer

Rene Millman is a seasoned technology journalist whose work has appeared in The Guardian, the Financial Times, Computer Weekly, and IT Pro. With over two decades of experience as a reporter and editor, he specializes in making complex topics like cybersecurity, VPNs, and enterprise software accessible and engaging.

View More

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.

Logout Read more VPN Privacy & Security ExpressVPN uncovers 3.7 million items of leaked AI chatbot data Phones iPhone owners urged to change this key privacy setting after FBI recovers suspect’s deleted Signal messages Security Workplace apps gathering far more personal data than we all think VPN Privacy & Security The end of encrypted DMs? Why Instagram is rolling back its biggest security feature Security '88% Confident 90% Misled': Government & critical infrastructure leaders fundamentally misunderstand the security of the apps they use VPN Services Travelling back from Asia? Surfshark warns against the silent data collection of the most popular local travel apps Security FBI urges users not to download Chinese mobile apps over privacy risks Pro ExpressVPN launches ExpressAI chatbot to end the era of AI data mining VPN Services Microsoft Edge and Aloha caught sharing precise user location data with third parties Security Signal is being targeted by Russian hackers in a huge new phishing campaign, FBI says VPN Privacy & Security Russian researcher claims state-backed MAX app secretly records users and monitors VPNs Phones iOS 26.5 brings cross-platform encrypted RCS messaging, but there’s catch Latest in Cyber Security Security Hackers abused Stripe and Google Tag Manager to launch a credit card theft campaign and host stolen payment details Security 'Fraud won’t be tolerated in this country any longer': FBI releases Most Wanted Fraudsters list to help fight the crime that 'costs Americans tens of billions of dollars every year' Security Russian hackers attack Europe for the Motherland in crypto fueled Great Patriotic Cyber War Security 2.6 million DentaQuest accounts exposed by data breach – ShinyHunters claim 234GB of data stolen Security FIFA World Cup 2026 hype kicks off fraud, fake apps, and ransomware targeting fans and businesses Security ‘Data can place the lives of frontline military or other personnel at risk’: FBI warns that China is luring Western military and intelligence operatives with 'gig-work' job offers to steal secrets Security Hackers could use poisoned WhatsApp and Slack notifications to take over your Google Gemini – and make it work on their behalf Security OpenAI’s Codex helps discover HTTP/2 Bomb DoS attack that can nuke over 30GB of RAM within seconds, knocking web servers offline before they can react Security NSA warns that cybercriminals are targeting this one critical component that the energy, chemical, food, agriculture, and transportation sectors rely on - here's what we know Security Meta, Starlink and Microsoft team up with the FBI to delete over 1.4 million accounts and seize millions in cryptocurrency related to huge scam networks targeting Americans Security Huge hacking campaign uses spoofed Ghidra, dnSpy, and SpiderFoot security tools to harvest ad revenue and serve malware Security Microsoft is ditching password-based authentication tomorrow – Edge browser will switch to Windows Hello access Latest in News Gaming Final Fantasy 7 Revelation let's you jump out of an airship Fortnite style Gaming This year's PC Gaming Show will provide looks at more than 50 games and also feature a behind-the-scenes look at one of my most anticipated games of the year — here's how to tune in Gaming Mark Rosewater has made me excited for Magic's next Universes Beyond set VPN Privacy & Security Russian Roskomnadzor accused of launching active DDoS attacks on VPN services — here's what we know so far Gaming One of my all-time favourite JRPGs is coming to Xbox Game Pass for June Pro ‘This is a fundamental shift in how we prepare for pandemics’: Researchers used AI and known genetic codes to develop a ‘fundamentally new’ vaccine that ‘could help speed up the roll out vaccines to benefit people all over the world’ Computing Components If you own a Creative Katana V2X speaker, there's something you must know Gaming 'Nintendo products are fully compliant with these requirements' — A new Nintendo Switch 2 model featuring a removable battery will be released in the EU soon to meet regulations Fitness Apps Google Health updates app with 14 new features to address Fitbit user concerns Security Hackers abused Stripe and Google Tag Manager to launch a credit card theft campaign and host stolen payment details Security 'Fraud won’t be tolerated in this country any longer': FBI releases Most Wanted Fraudsters list to help fight the crime that 'costs Americans tens of billions of dollars every year' GPU Nvidia RTX 5000 Super GPU refreshes could arrive in 2026 after all LATEST ARTICLES

1. 1One year ago, Ukraine launched Operation Spiderweb to destroy billions of dollars worth of Russian combat planes – It 'served as a warning to the United States'
2. 2Final Fantasy 7 Revelation let's you jump out of an airship Fortnite style
3. 3‘Our hardware is designed to be picked up and shaken about’: Aquark Technologies takes quantum sensing outside of the lab as a viable GNSS alternative
4. 4Quordle hints and answers for Saturday, June 6 (game #1594)
5. 5NYT Strands hints and answers for Saturday, June 6 (game #825)