Finance apps are having a very big moment. According to App Annie, global app installs in the finance category grew 28% YoY in 2021. Fueled in part by the pandemic, mobile 'fintech' app usage is completely transforming personal and commercial finance and the competition is on among incumbent banks, neobanks and every type of finance app in between as they all race to aquire new customers along with their deposits and investments.
Finance Apps: Trust is Fundamental
In this environment, trust may be the most important common denominator in the drive to increase finance app installs and engagement. Consumers around the world even trust certain technology companies more than traditional banks. In a global consumer survey by Bain & Company, 54% said they trust at least one tech company more than banks in general, and 29% trust at least one tech company more than their primary bank.
But are fintech companies putting their consumer trust at risk when it comes to online tracking and privacy? It appears so.
In the release of iOS 15.2, Apple introduced a new feature called Record App Activity. We used that new privacy tool to analyze 10 popular finance apps and the network connections they make when permission to track is denied to consider how those connections will be perceived by consumers.
Suspicious Network Connections
The results of our analysis is surprising and will no doubt raise questions among consumers. The analysis inludes widely installed apps including Citi Mobile, Wells Fargo, eTrade, Venmo and PayPal.
We found on average, 14 network connections are made when permission to track is not granted and 69% are to third-party domains.
Each app was installed and then opened only once without registering to understand the starting set of connections. Some finance apps immediately established a high number of connections as soon as the app was opened while others made few connections.
In our sample of apps, Venmo made the highest number of connections at 33 with 76% being third-party domains while Bank of America made the fewest number of connections (3), with 33% being third-party.
First-party connections are those that use the apps's domain which implies that any data being collected is being used for first-party purposes and not shared with other companies for advertising. It could also be that the connection is needed for the app to function properly.
Third-party domain connections are often obscure or worse they reveal only an IP address which is even more suspicions. Bad actors in the ecosystem will use such techniques to hide what they're doing.
At the moment, Apple's app activity report raises more questions than it answers including:
- Who owns the domain?
- Why is my app connecting to that domain?
- Is it secure and what data is being collected?
- Is my data being shared?
Apple is likely to build more transparency into this privacy tool to answer these questions. In the meantime, consumers will use this app activity report to make decisions about which apps to uninstall.
As the advertising ecosystem evolves, privacy will become a point of differentiation for financial apps as well as other app categories. Marketing and development teams that take action now will help prevent apps and their companies from called out in articles about surveillance marketing.
Marketing teams themselves may be in the dark when it comes to understanding the domain connections their app is making and what each is doing. This is an opportunity for marketing and app development teams to get in synch:
- Go through each connection and make sure your marketing and customer service teams understand why it's needed.
- Evaluate the usefulness of each connection and determine if the app can do without it.
- Are there non-PII, privacy-first solutions that are better aligned with the latest privacy policies from Apple and Google which could reduce the number of domain connections your app is making?
When looking at these connections, you'll find that some third-party SDKs are the culprit. If a third-party marketing solution requires an SDK, the company typically needs your app's data to feed their business model.
Cloud-based, privacy focused solutions like URLgenius don't need to make domain connections that will raise suspicions among your customers. Regardless of the channel or use case, your links and QR codes will increase app installs and engagement without ever tracking your customers around the internet or sharing your app data.
Contact us for a free evaluation of the domain connections your app is making compared to other apps in your category. We can guide your team on how to minimize these connections while finding ways to help yor exceed your app install and reengagement targets.