Skip to main content

What’s a Super App?

  |  Rachael Roth

Financial institutions are acquiring apps and creating "super apps." But what does this mean for your privacy? 

Tech experts are predicting a rise in “super apps”—social media mobile apps that are all-encompassing; they have capabilities unrelated to their primary function, including payment processing and banking. While this type of app hasn’t realized its full potential in the U.S., countries like China, India, and Indonesia have already developed super apps. It’s only a matter of time before Big Tech replicates these ideas in the West.

But many existing apps in the U.S. are already on the verge of becoming super apps or at least have some super-app-like tendencies. 

The word that might come to mind is “metaverse,” a term recently popularized by Meta's Mark Zuckerberg. The metaverse is the ultimate super app, where every function of a mobile app would be possible in one virtual space. Though Meta (formerly Facebook) has allegedly begun development for AR and VR platforms that will take place within a metaverse, we don’t yet know where it will be hosted, or which tech players will be involved (though there are companies like Virbela already creating virtual experiences). But to fully integrate the metaverse into society, it's likely going to require multiple tech conglomerates to work together. 

On a smaller scale, many apps have already begun to cannibalize one another, seemingly for the sake of consumer convenience. Scott Galloway of Intelligencer called payment processing a “non-negotiable” element of super apps—something the apps should be able to do at a minimum. We’ve already seen apps combine for this purpose: PayPal powers Venmo; American Express now owns Resy; JPMorgan owns The Infatuation

It’s not clear if these acquisitions are a step toward a consumer-friendly market or the creepiest foreshadowing since 1984. But there is one clear angle: financial institutions get a sliver of each transaction through the app, which is even more valuable than the ad revenue and data sales that social media companies rely on. 

At first glance, this financial structure might be more reassuring to consumers than social apps which have no upfront costs but track and sell user data. Yet banks and payment processors are no strangers to tracking consumer habits. In 2020, Fast Company published an article detailing a new type of surveillance capitalism: credit card companies tracking shoppers. According to the article, in 2019, Mastercard made $4.1 billion by leveraging its massive amount of transaction data. 

AmEx’s privacy policy, which is similar to Mastercard’s, states that they collect user data to:

  • present content or ads online that are tailored to your interests, including Targeted Advertising, across multiple devices; send or provide you with ads, promotions, and offers; 
  • analyze whether our ads, promotions, and offers are effective; 
  • help us determine whether you may be interested in new products or services;
  • provide location-based content and advertising personalization

While this policy doesn’t outwardly state that AmEx will share your data with third parties, it seems unlikely that the targeted ads and promotions would come exclusively from American Express. Mastercard, in addition to other credit-card processing networks like AmEx and Visa, alleges that data like this is aggregated and anonymized. But even so, it doesn’t prevent these institutions from specifically targeting customers within the platform. Additionally, AmEx offers rewards like exclusive reservations and dining experiences if you add your card to your Resy profile, encouraging users to keep both transactions and reservations all in one place. 

Resy has not experienced a data breach in the past, and by processing payments with a longstanding financial institution like American Express, (who has likewise never claimed to have experienced a data breach) they’re inherently more trustworthy. Were a breach to happen, users would not be liable for any fraudulent charges. 

Enhanced security measures and consumer convenience aside, the red flags that arise when we think about AmEx buying Resy speak more to user privacy. 

Our behaviors, activity, and transactions are all conducted online, paving the way for a digital-first world that comes with lots of conveniences, but makes consumers more vulnerable in many ways. Let’s be honest, though: Most of us are not keeping cash in our sock drawers and/or calling up a restaurant to make a dinner reservation. 

Consumers can still be conscientious when using apps like Resy. Here are some things to remember:

  • Use a secure and unique password for your account. (Dashlane can help!)
  • Consider using a guest account rather than setting up a profile.
  • If you want to keep your activity more private, change your Google settings so that restaurant bookings do not immediately appear on your calendar. 
  • Resy stores your credit card information through Braintree, a validated Level 1 PCI DSS Compliant Service Provider, yet if you opt out of adding a credit card, you can still use most functions on the app. 
  • Resy does not offer multifactor authentication to sign into the app through the browser, so be sure to use a security-focused browser and browser extensions.
  • If you use the Resy app, make sure your mobile device is protected, ideally with biometrics like Face ID or Touch ID. 

Super apps may be an inevitable part of the future, but that doesn’t mean we can’t thoughtfully decide how and when we want to opt in. 

Sign up to receive news and updates about Dashlane