Risking more than bets: data privacy concerns in leading betting apps for Super Bowl LVIII
With Super Bowl LVIII fever gripping the US, millions of sports fans are flocking to mobile betting apps for a piece of the action. But beneath the thrill of the game lies a troubling reality: many users are unwittingly gambling with not just their money, but also their personal data. The latest Incogni research uncovers some concerning practices of the most popular betting services. DraftKings emerges as the frontrunner when it comes to extensive data collection, while Caesars stands out as the most generous when sharing users’ data with third parties.
Key insights
- DraftKings collects the most data (22 data points), including your precise location, photos, videos, contacts, files, and docs. It even collects messages and data about other installed apps.
- Caesars, Sky Bet, and William Hill tied for second place (17 data points), all collecting data that includes purchase history.
- Sky Bet gathers health information as well as users’ credit scores, which may extend to information about bank accounts, debts, and mortgages.
- FanDuel collects a total of 14 data points. These include precise and approximate location, photos, and installed apps.
- Caesars stands out as the most data-sharing app (14 data points reach third parties). This includes precise location and in-app search history.
- BetMGM claims not to collect or share any data, which seems unlikely.
- More than half of the investigated apps, including BetMGM, FanDuel, DraftKings, and Caesars, have been directly or indirectly affected by a data breach or hacking attack.
The risks of data privacy
For years, sports betting was heavily restricted due to multiple scandals. However, legislation enacted in the past decade has opened the possibility of making new bets across multiple states. Given the buzz around the 2024 Super Bowl, concerns over data privacy loom larger than ever.
Incogni, a personal data protection company, conducted research that sheds light on the data collection and sharing practices of the 7 most popular betting apps. Researchers analyzed 15 data-point categories to understand the scope of the apps' data collection and sharing practices and the risks involved for users. The findings are concerning: user data is extensively collected and shared, often without clear disclosure or transparency in privacy policies.
The frontrunners in data collection
DraftKings emerged as the frontrunner in data collection, gathering 22 data points from users, including precise location, photos, videos, contacts, files, and messages. Close behind it are Caesars, Sky Bet, and William Hill, gathering 17 data points each, including sensitive information such as precise location, in-app search history, health information, purchase histories, and credit scores, which may extend to bank account, debt, and mortgage information. FanDuel follows with 14 data points, including precise and approximate location, as well as information on installed apps.
Breaches and data mishandling
We found that you don’t need to give up too much data to place bets on sporting events. However, the risks of giving up any data can be severe. The full impact of doing so is felt when a platform you use experiences a data breach. We found that more than half of the companies behind the apps we investigated were directly or indirectly affected by a data breach.
BetMGM was hacked around May 2022 and had the personal information of 1.5M users breached. The information included names, email addresses, and phone numbers.
FanDuel’s customer emails and names were accessed by hackers after a mail service provider was breached in early 2023.
DraftKings experienced a data breach in late 2022, wherein unauthorized parties accessed information about 68K users. The information included names, addresses, phone numbers, and email addresses.
Caesars’ parent company, Caesars Entertainment, had customer data stolen from a compromised third-party IT vendor. The company decided to pay half of the ransom for the stolen data, which has not been leaked as of writing.
Caesars stands out for its extensive data-sharing practices. It shares 14 data points with third parties, including precise location and search history. Meanwhile, FanDuel shares “other info,” which, according to Google’s support pages, can include “[a]ny other personal information such as date of birth, gender identity, veteran status, etc.” Some data collection and sharing with third parties is understandable, as it is necessary to provide the service or proceed with payments. Nevertheless, these numbers of data points seem excessive. Unfortunately, the privacy policies of many betting apps can be unclear, raising questions about what data is actually collected and shared.
The quest for privacy and transparency
Among all investigated betting apps, BetMGM claims not to collect or share any data. This is rare among betting apps, and might be attributed to the fact that Google can only partially monitor whether data collection or sharing disclosures are correct.
Given that data breaches and hacking attacks have affected more than half of the investigated apps, including BetMGM, FanDuel, DraftKings, and Caesars, the risks of giving up any data can be severe. These findings underscore the need for users to be cautious when engaging with betting apps, especially during events like the Super Bowl, where heightened activity may attract malicious actors seeking to exploit vulnerabilities in these platforms.
“As consumers increasingly rely on mobile applications for entertainment and engagement, it should be a priority for developers and regulatory bodies to protect user privacy and data security. Clear and transparent privacy policies, stricter data protection measures, and proactive steps to reduce the risks of data breaches are essential in building trust and confidence among users,” underlines Darius Belejevas, Head of Incogni.
Having identified the top sports betting platforms in the US and UK, Incogni researchers collected information about their apps from the Google Play Store. In cases where several apps were published by the same company or with similar names, apps used for sports betting were prioritized.
Author: David Keech
Analyst comment
Positive news: Millions of sports fans are flocking to mobile betting apps for Super Bowl LVIII.
Market prediction: The market for mobile betting apps will continue to grow as more sports fans seek to engage in betting activities during major events like the Super Bowl. However, there may be concerns and increased scrutiny regarding data privacy practices, which could lead to stricter regulations and measures to protect user privacy and data security.