A new survey by VPN provider Surfshark has found that Chrome collects the most information from users’ phones, while “TOR stands out as the most privacy-centric browser by collecting no data at all.” The two were among 10 that researchers analyzed, after using AppMagic, a market intelligence tool, to select the most popular browser apps on Apple phones in the US in 2025, they said in a post outlining their findings. The researchers noted, “Chrome is the most data-hungry, collecting 20 different data types across numerous categories. These include contact info, financial details, location, browsing history, search history, user content, identifiers, usage data, diagnostics, and other types of data. Chrome is the only browser that collects financial information, such as payment methods, card numbers, or bank account details.” It is also, they stated, the only browser that collects a list of contacts from the user’s phone, address book, or social graph. The researchers said that the remaining browsers each only collect an average of six data types, with Bing having the second-largest appetite, collecting 12 data types. Apple’s Safari browser collects eight. Other findings revealed that: 40% of the analyzed browsers apps collect users’ locations. Safari, Chrome and Opera “collect coarse location, which refers to a user’s or device’s location with less precision than exact latitude and longitude. Bing is the only app that collects precise location data.”The report pointed out that 60% of the apps don’t collect any location information, suggesting that it is not necessary for a browser app to collect user location in order to function. “This raises concerns about why some browsers collect this data and how it is used,” the researchers wrote. Only Opera, Bing, and Pi Browser ads collect data used for third-party advertising. Pi Browser, Edge, and Bing collect data that is used to track an individual. DuckDuckGo and Firefox fall into a moderate category in terms of data collection, the study found; they avoid collecting the most sensitive data. They do gather information such as user contact information, identifiers such as device ID, usage data, and diagnostics. “These browsers may suit users with moderate privacy concerns but still require robust browsing capabilities,” the researchers noted. In terms of worldwide market share on Apple devices, Chrome and Safari account for 90% of the total. When asked for his reaction to the findings, Forrester Senior Analyst Andrew Cornwall said, “If you’re interested in privacy, a mobile device is not your friend. Both Apple and Google learn a lot about you through your interactions with your phone. Android users expect some level of snooping in return for subsidized hardware and software. Apple users expect more privacy but leave a similar digital trail that Apple can follow.” Most users, said Cornwall, “are willing to trade some privacy for ease of use. They like not having to enter passwords manually. They may be willing to let Chrome remember their credit card details if it means the browser will fill in the field for them when they’re paying bills online. They use Gmail as their email provider. However, users don’t realize how much information about them is collected.” Safayat Moahamad, research director at Info-Tech Research Group, said, “mobile browsers are uniquely positioned to observe user behavior. Companies like Google and Microsoft use the data they collect (such as search terms, visited sites, and geolocation) to personalize services, improve features, and more crucially, power targeted advertising.” The more granular the data, he said, the more valuable it becomes for ad revenue and product stickiness, as well as for inferences about user intent that drive business decisions.  Asked if the current regulatory gaps allow browsers to collect data without adequate oversight, and could new laws change the game, he said that the answer is yes and no: “The recent Honda–CPPA settlement is a prime example. Regulators found that cookie consent practices lacked symmetry. Users weren’t given equal options to accept or reject tracking.” This highlights a broader problem, said Moahamad “which is that many browsers enable tracking that circumvents true consent through dark patterns or deceptive settings. Despite laws like GDPR and CCPA setting important guardrails, new laws, like the EU’s Digital Markets Act and enforcement action such as US FTC’s settlement with Honda, aim to close these gaps and give users actionable control.” What it all means, he said, is that there are “absolutely security risks for the users, and they’re growing. Browsers store session cookies that keep you logged in, and hackers are now stealing those cookies at scale, 17 billion and counting.” According to Moahamad, “this lets attackers bypass passwords and even MFA, slipping silently into your accounts. Malware, rogue extensions, and phishing links are all entry points. Users may feel safe with 2FA, but if your browser is compromised, your defenses fall apart.” When  it comes to the collection of personal data via browsers, said Cornwall, “there are no technical solutions, only mitigations. Deleting cookies, disabling location, and renewing location/advertising IDs on device can help, but Apple and Google still know your device ID.” Strong data protection legislation, he said, “has been enacted in some jurisdictions, with financial penalties to enforce user privacy rights. However, that leaves opportunities for multinationals to hide amidst a patchwork of laws.”