Is Duolingo Safe? Here’s Everything You Need to Know
Duolingo is a popular language learning app known for its interactive, game-like features. It is used by millions of people around the world, and offers courses in more than 40 languages.
But how does Duolingo really work? How much data does it collect, and is it a secure app? Are there any potential cybersecurity risks you need to be aware of?
How Does Duolingo Work?
Officially released in 2012, Duolingo is available on both Android and iOS platforms, and can be used within any browser.
Duolingo courses differ depending on the language you choose. They are personalized, but all of them include learning, listening, and speaking exercises.
Experience points, leaderboards, hearts, and gems add another dimension to Duolingo, making the experience of learning a new language comparable to playing a video game. If they complete tasks consistently and earn enough points, users can advance to a new league, with the number one spot in the Diamond league being the ultimate goal.
Duolingo courses align with CERF (Common European Framework of Reference for Languages) standards, but the software also utilizes artificial intelligence to personalize the experience for each individual user. Experts have both praised and criticized the app, but the consensus appears to be that it is, at the very least, great for acquiring vocabulary.
Duolingo can be used for free. However, if you want to have access to premium features and remove advertisements, you have to pay for a subscription. The ads are not too annoying and most only last around five seconds or so, but they are fairly frequent—when you complete an exercise, you have to watch an ad to proceed.
Is Duolingo Secure?
There is no evidence Duolingo has ever suffered a data breach. But as a user, you should still do what you can to secure your account. For a start, create a strong and unique password, and never share it with anybody. It would also be a good idea to limit the information you share with Duolingo, though it should be pointed out that some of the information you choose to share (e.g. your phone number and contacts) will be hashed or encrypted.
Duolingo itself may be relatively secure, but that doesn’t mean cybercriminals haven’t found a way to seize on its popularity. For example, the Israeli cybersecurity firm Sygnia identified in 2022 a phishing campaign that involved threat actors impersonating Duolingo to steal private information.
As The Jerusalem Post reported at the time, the targets received an email claiming that they purchased a premium subscription to Duolingo—the email urged them to contact “customer support” to cancel the subscription. If the victim got into contact with a supposed support agent, several malicious programs would be installed on their computer, allowing the threat actor to access their information.
If you receive an email claiming to be from Duolingo, make sure that it actually is from Duolingo. Check the email address it was sent from first, and pay attention to the message itself. If it contains spelling errors, a suspicious link, or an urgent call to action, it might be a scam. As a general rule of thumb, you should double-check every email and keep the usual online safety tips in mind at all times.
How Much Data Does Duolingo Collect?
Duolingo says it doesn’t record location information or email addresses, but admits to recording the following:
- Mouse movements.
- Session duration.
- Technical specifications (device type, operating system, IP address, etc.).
Some of this may seem nefarious, and one could argue that it is, but you’d be hard-pressed to find an app or website that doesn’t collect this type of data.
What’s more problematic is the fact that Duolingo works with a number of third-party analytics firms and advertising networks, and shares user data with them. This includes Google, Facebook, Oath, and Unity, all of which collect data in order to serve targeted and personalized advertisements. Duolingo itself recommends users scan through the privacy policies of the third parties it shares data with, which implies that they may collect data Duolingo itself has no interest in.
For what it’s worth, the non-profit organization Common Sense still does not recommend children use Duolingo without adult supervision, having given it a privacy evaluation score of 61 percent.
What about app permissions? Whether you’re using an iPhone or an Android smartphone, the Duolingo app may ask for certain permissions. It might need to access your microphone (for speech exercises), contacts (if you want to share), and files and media (if, for example, you want to upload an image to use as an avatar).
To modify permissions on Android, launch the Settings menu and navigate to Apps. Find Duolingo, tap it, then tap Permissions. If you’re using an iPhone, navigate to Settings > Duolingo, and change permissions there.
All in all, Duolingo is not the most invasive app in the world, but since it serves advertisements, it gathers data some people may not be comfortable sharing
Duolingo: Learning a Language Comes With a Price
You may not become fluent in a new language with Duolingo, but it will definitely help you get there, primarily by expanding your vocabulary. This comes with a price: even if you don’t opt for a subscription, you will still give up some personal data.
Duolingo may be the most popular language learning app out there, but it’s definitely not the only one. If you don’t like it for some reason, there are plenty of interesting alternatives to consider.