We Built Apps That Track You. Here's What Developers Actually See.

I've spent years building web and mobile applications. I've integrated dashboards, wired up session recorders, and dropped tracking pixels into codebases without a second thought. It is just part of the job.

But there's a moment, usually late at night staring at a dashboard, when the reality of it hits you: this is a real person, not numbers on a screen. And you may know more about them than their closest friends do.

Let me tell you what we actually see.

The Dashboard Nobody Talks About

When you download a free app or visit a website, there's a strong chance a developer somewhere has access to a tool like Mixpanel, Amplitude, Hotjar, or FullStory. These aren't sinister underground tools; they're mainstream, sitting inside products you use every day.

Here's a sample of what those dashboards show us, in real time:

• Every screen you visited and how long you stayed

• Every button you tapped, including ones you tapped and then changed your mind about

• Your session replay: a literal video recording of your mouse moving across the screen

• Your device model, OS version, carrier and battery level at the time

• Your approximate location, often down to the city or neighbourhood

• How you arrived; what ad, link or notification brought you in (you can see this from the URL)

• What you almost did: rage taps, hesitation patterns, abandoned forms

That last one is particularly telling. If you started filling out a form, say an insurance quote, a loan application, or a mental health intake form, and then stopped halfway through and closed the app, that half-finished data often still gets sent.

The developer sees what you typed. Sometimes even what you deleted.

"But I Never Agreed to This"

You did. Buried in a privacy policy you didn't read (and that nobody reads) is a paragraph that grants broad permission for "usage analytics," "service improvement," and "third-party partners." Legal. Routine. Invisible.

The uncomfortable truth is that privacy policies are written by lawyers to protect companies, not to inform users. They're designed to satisfy regulators, not to communicate clearly with the person who just downloaded a flashlight app.

What most people don't realize is that even "anonymous" data isn't really anonymous. When you combine device model + OS version + screen resolution + carrier + city + time zone, you get something researchers call a device fingerprint: a combination so unique it can identify you across different apps and websites, even without your name or email address. No cookies. No login. Just some intelligent math.

The Session Recorder Problem

Of everything I've seen in a developer dashboard, session recorders are the part that would disturb most users the most.

There are tools that let developers watch playback recordings of real user sessions. Reputable implementations are supposed to mask sensitive fields like passwords and card numbers. But the configuration is entirely in the developer's hands. And misconfiguration usually happens. There have been documented cases of health information, financial data and personal messages being captured unmasked and stored on third-party servers.

Even when implemented "correctly," the question remains: should a company you barely know have a video of you using their app? Most people would say no. Most people have no idea it's happening.

What You Can Actually Do

I'm not telling you this to make you paranoid. I'm telling you because awareness is the first step and there are practical things you can do today. Let’s dive in:

On your phone:

• Go to Settings → Privacy (iOS) or Settings → Permissions (Android) and revoke location access for any app that doesn't strictly need it.

• Turn off "Allow Apps to Request to Track" on iOS entirely. This limits cross-app data sharing significantly.

• Periodically delete apps you haven't used in 30 days. Dormant apps still phone home.

On the web:

• Use a browser like Firefox or Brave that blocks trackers by default.

• Install the uBlock Origin extension. It blocks most analytics and session recording scripts before they load.

• Be especially cautious on forms. If you're not completing a form, close the tab entirely; don't just navigate away.

In general:

• Treat "free" apps as products where you are part of the value being extracted.

• When an app asks for permissions that make no sense for its function (e.g a recipe app wanting your contacts, a game wanting your microphone) decline. Or, better still, uninstall.

A Developer's Honest Take

I want to be clear: most developers aren't sitting at dashboards rubbing their hands together. The vast majority are just trying to understand whether the onboarding flow works, why users drop off on step three, or if the checkout button is too small.

The problem isn't malice. It's that the infrastructure for surveillance was built into the default toolkit, and few people stopped to ask whether it should be. Collecting everything became easier than deciding what was actually needed.

The industry is slowly changing: GDPR in Europe, App Tracking Transparency from Apple and growing user awareness. But the defaults still favour collection over privacy.

Until that changes, it helps to know what's happening on the other side of the screen.

Because I promise you: someone does.

Have questions about app privacy or want to know how to audit your own phone's data exposure? Drop them in the comments.