You're implying that the data from the app is stored in a different more secure manner than the data from the website? That makes zero sense. The fact that they got hacked and is the only thing that matters, not which mode of input you provided the data they did not protect.

No, I'm asserting that the app acquires as much data as the website (ie. whatever you typed into their forms) and it gets leaked all the same. Refusing to install the app makes no sense if you still use the website

An app absolutely can track more data than a website. You don't have the website open/active on your phone at all times, but you have the app installed at all times, even when it's not running.

You do know that apps can record data in the background, right?

A website is also sandboxed by your browser in a much stricter manner than an app is on your phone, at least by default.

I don't have specific information on the Ticketmaster app here, but to say that an app is the same as website from a tracking perspective on a phone is absurd.

I'm an app dev. What can I record in the background? What can I track?

If you're an app dev you're more qualified than me to answer that question.

Perhaps you'd like to re-frame your comment or ask a different question?

My point is that you and the other guy are just making stuff up and spreading misinformation. At the API level, an app that doesn't have the user's explicit permission to get location, camera, run in the background, etc is not that different from a web app. My question was obviously rhetorical.

There you go, getting to the meat of it..

So your position is that an app installed on my phone is not able to track or collect any more data, and does not have access to any other information, than a website that I load in my device browser (assuming I log into that website with the same credentials I use in the native app)?

I agree that this might be true in some cases. Note that I never said or implied that an app could do things without permission - but my fault if that wasn't clear.

Now, that said, would it perhaps be fair to say that the average user is much more likely to grant additional permissions to a native app on their phone than they would to a website?

If a website asks for your location, or access to the camera or to your contacts or whatever, I think many people would refuse. There's still a sense that a website is "out there" on the Internet, and you shouldn't necessarily trust it.

But when an app you've installed on your device asks for these things, in order to "operate properly" or provide functionality, then I think people are much more likely to grant it.

After all they've installed the app on their device, they've already trusted the vendor that much, it's only an incremental step at this point.

And once the device does have this elevated access, and access to more data, then there are absolutely more opportunities to collect data on users without their understanding.

I say "understanding" here rather than "consent" because typically consent is given via some long and complicated T&Cs that no one reads. Which is of course on the user, but again if you don't grant permission in the first place (because you're on a website not an app), it's not a problem.

And we have historically seen that some companies (not all companies of course) take advantage of this app access to collect data for themselves without your knowledge. I hope that part isn't up for debate here..