13 apps that spy on you

When you want your spring break to feel like and your kid's pool day to feel like

and your hotel bed to feel like.

Ooh, and room service to feel like.

Because at Hilton, hospitality feels like.

Your cabana's ready?

Would you like fresh towels?

It matters where you stay.

Book now at hilton.com.

Hilton for this day.

Hey there, it's Kim.

And welcome to the audio version of my daily tech newsletter, The Current,

read by nearly a million people every single day.

Now let's get into today's newsletter for Friday, March 13th, 2026.

And yes, I said Friday the 13th.

The calendar's designated drama queen is officially here.

And I've got a fun fact for you later in the show about where this whole superstition

actually came from.

And I promise it is not what you think.

But first, let's talk about what is actually haunting you this Friday the 13th.

And believe me, this is scarier than any ghost story and it starts like this.

You downloaded a flashlight app, a free game, a weather widget, something useful, something free,

something completely harmless looking.

But here's what you need to know.

Free apps and surveillance tools with a useful feature stapled on top are often the exact same thing.

The app works.

It also happens to be quietly reporting your location, your contacts, and your browsing habits

to companies you have never heard of.

I put together a list of 13 common apps with documented histories of harvesting your data.

Most people have at least four of these installed right now, which means you are not the customer.

You are the product.

Let's go through them.

Number one, third party flashlight apps.

The FTC went after one popular flashlight app.

After it was quietly sending users precise GPS coordinates to advertisers.

Your phone already has a built-in flashlight.

Delete the app.

Number two, free QR scanner apps.

Same deal.

Your phone's camera already scans QR codes natively.

Many third party apps exist for one reason only.

Ads and data collection.

You don't need them.

Number three, free weather apps.

The weather channel app settled a lawsuit over selling location data to advertisers.

Your phone's built-in weather app works perfectly fine.

Let it do its job.

Number four, free VPN apps.

This one really gets me.

You download a VPN specifically to protect your privacy.

And it turns around and sells your browsing history.

Free VPNs are almost never actually free.

Pay for one, you trust.

Number five, AI photo apps.

That fun app that makes you look 20 years younger.

It asks for full access to your camera roll.

And in some cases, your facial biometric data.

Think about that for a second.

Now here are the ones you probably forgot about.

Number six, life 360, marketed to parents as a family safety app.

But it was also quietly selling precise location data to data brokers,

including your kid's locations.

If you're keeping it, go to settings, then privacy and security,

then location services, then life 360, and set it to while using only.

Number seven, true color.

Here's how this one works.

True color builds its entire database by uploading the complete contact list

of every person who installs the app.

So even if you never downloaded it, if your friend has it,

your name and number are already in the database.

Number eight, words with friends.

A breach exposed data on over 200 million accounts.

Names, emails, login credentials, phone numbers.

If you still play, at minimum use a throwaway email address.

Now, these are the ones that surprised me most.

And I've been doing this a long time.

Number nine, flow health.

The popular fertility app settled with the FTC

after sharing users' reproductive health data with Facebook and Google.

Deeply private information.

If you use it, go into the app's settings and enable anonymous mode.

Or better yet, switch to Apple Health's on-device tracking,

which never leaves your phone.

Number ten, Facebook.

If you ever granted always location access,

Facebook tracks your movements even when the app is closed.

Go to settings, then privacy and security,

then location services, then Facebook,

and change it to while using or never.

Number eleven, TikTok.

Researchers caught TikTok reading iPhone users' clipboard data

every few seconds.

That means passwords, banking confirmations, medical notes.

Anything you had copied, TikTok potentially saw.

The company says it fixed it.

But you should check anyway.

Number twelve, door dash.

A breach hit nearly five million customers, drivers, and merchants.

Drivers license numbers, bank account info, all of it.

Go into the door dash app, find settings, then account, then privacy,

and kill every marketing permission.

You ordered a burrito, not a data relationship.

At number thirteen, any app you haven't opened in 30 days.

Right now, open your phone and scroll.

Count the ones collecting dust.

Those are your starting point.

Delete them.

If you genuinely miss one, re-download it.

You won't miss any of them.

Now, I've laid out all thirteen apps with the exact step-by-step checklist

for locking each one down.

It's all waiting for you in today's newsletter.

Open the current in your inbox.

And run through that list this weekend.

Five minutes, worth every second.

And if you're not on my newsletter yet, sign up for free right now

at GetKim.com.

That's GetKim.com.

Nearly a million people get this every single day.

And it is completely free.

Okay, let's hit a few stories from around the web this week.

This one made my skin crawl.

A Texas mom says her Amazon Alexa got deeply weird

with her four-year-old after story time.

The device started asking what the girl was wearing.

Then said, let me take a look when she answered.

Amazon says it was a feature misfire

and that the child's profile blocked the camera from ever activating.

Maybe, but creepy is creepy.

Mom unplugged it.

I would have two.

And if something ever feels off with your smart home device, trust that instinct.

Now, here's one that is sneaky and timely.

And I want you to remember this the next time you check your email.

You know those.

Your data was exposed type of emails you've been getting.

Some of them are fake.

Scammers have figured out that when a real company gets hacked,

there's a window of confusion.

Real breach notices can show up weeks later.

They're often sent by third parties you don't recognize.

And most people are already on edge.

That is exactly the opening scammers need.

They crank out convincing fake breach notices

right after a real hack makes the news.

And they use AI to make those emails look even more legitimate.

The goal is to get you to click a link

and hand over your social security number

to verify your identity.

Don't.

At this point, any email marked urgent is guilty until proven otherwise.

If you think a breach notice might be real,

go directly to the company's website yourself.

Type it in.

Don't click anything in the email.

And now here's one that is urgent and actionable.

There's a nasty bug affecting potentially a quarter of all Android phones

with MediaTek chips.

A hacker with physical access to your phone

can brute force their way into your device in under a minute.

Messages, files, even crypto seed phrases are on the menu.

MediaTek has pushed a fix to manufacturers.

So now comes the fun part of waiting to see which phone brands actually treat security

like an obligation.

Here's what you do right now.

Update your phone by going to settings then system.

Then software update and avoid random public USB ports.

Use your own charger.

If your phone gets lost, lock or wipe it fast.

And here's a fun one for your next dinner party.

You know how billionaire debt is less about,

I need a loan and more about,

I'd like to keep my money doing more important stuff?

Well, Elon Musk worth somewhere around $842 billion.

Reportedly financed about $61 million

across five California properties.

Ultra-rich people hate turning investments into cash

if they don't have to.

Sell stock, you trigger taxes.

Barrow against assets, you keep the machine humming.

Zuckerberg did it.

Paris Hilton did it.

And suddenly your 30 year fixed has the aura of a luxury tax strategy.

Now, before we keep going,

today's newsletter has some seriously good deals.

Big beauty upgrades under $25.

A few home picks I actually love.

And some things you'll want to grab before they sell out.

All the links are waiting for you inside today's issue of the current.

And if you want to browse all of my best picks,

your round head to Amazon.com slash shop slash Kim Commando.

That's Amazon.com slash shop slash Kim Commando.

I keep it stocked with everything I actually use and recommend.

All right, I have to tell you about this one

because you're going to bring it up at the next thing you attend.

Your emoji keyboard is about to get a lot more crowded.

Apple's latest developer beta has introduced 163 new emojis.

There are 150 skin tone variations for existing things

like people wrestling and bunny ear dancers.

But the 13 brand new icons were talking in Orca,

a landslide, a treasure chest,

a big foot style hairy creature,

and a cartoon fight cloud.

Wow.

But the one the internet actually cares about is a distorted face emoji.

It's like the classic shocked face drank three red bulls

and had a panic attack.

It is a perfect reaction image for opening your credit card

statement after the holidays.

Just saying.

Now, let's hit a quick tip before we wrap up.

And you really need to remember this one.

Google Maps will now tell you how hard it is to park

before you even leave the house.

Search your destination, tap the card directions icon,

and look for the small P icon at the bottom of the screen.

It will say easy, medium, or limited.

That one word just saves you 20 minutes of circling the block

of muttering things you wouldn't say in front of your mother.

Before I let you go, I have to tell you our fun fact

about Friday the 13th.

And I love this one because it's the kind of thing

that sounds made up, but really isn't.

Most people assume the Friday the 13th superstition is ancient.

The night's Templar story gets trotted out a lot.

On October 13th, 1307,

King Philip IV of France ordered the arrest, torture, and execution

of an entire order of warrior monks

in a single morning, yikes.

But here's the thing.

For the 600 years after those arrests,

nobody connected that date to bad luck.

No medieval writings.

No folklore.

Nothing.

The real origin?

A 1907 pulp novel.

A writer named Thomas Lawson wrote a thriller about a Wall Street operator

who engineers a market panic on Friday the 13th.

And that book is what cemented the two together in popular culture.

Before it, 13 and Friday each had their own spooky reputations.

They just hadn't been formally introduced.

A Wall Street novel did what six centuries of history couldn't.

Wow.

Alrighty folks, that is all I have for you

in today's audio edition of The Current.

Thank you sincerely for spending part of your Friday with me.

I know your time is valuable and I don't take that lightly.

If you're not already getting the full newsletter,

head over to GetKim.com and sign up for free.

That's GetKim.com.

You'll get the complete checklist for all 13 apps.

The Amazon deals of the day, the deep dives, the device tips.

All of it every morning, right in your inbox, and it is completely free.

And remember, I am always on your side.

Cutting through the noise, keeping it straight,

bringing you the most trusted tech news out there.

Stay safe and tech ahead.

And I'll see you next time, friend.

Hey, let me know what you think about these podcasts.

There's a special address.

Podcasts at commando.com.

That's podcast with an S, of course.

P-O-D-C-A-S-T-S at commando.com.

And by the way, a couple of people read those notes.

So make sure that you're always kind and nice.

Again, podcast at commando.com.

Let me hear from you.

Ryan Reynolds here from Mint Mobile.

The message for everyone paying big wireless way too much.

Please, for the love of everything good in this world, stop.

With Mint, you can get premium wireless for just $15 a month.

Of course, if you enjoy overpaying no judgments, but that's weird.

Okay, one judgment.

Anyway, give it a try at mintmobile.com slash switch.

A upfront payment of $45 for three month plan,

equivalent to $15 per month required.

Intro rate for three months only.

Then full price plan options available.

Taxes and fees extra.

See full terms at mintmobile.com.