Do Expense Apps Really Need Your Login and Password? We Didn't Think So.
You've just got back from a group trip. Someone paid for the accommodation, someone covered the supermarket run, a few people put rounds behind the bar. Now you need to work out who owes who — and every expense app you try wants a login before you can do a thing.
Username. Password. Verify your email. Accept the terms. Allow notifications. It's a lot of friction just to divide up a weekend.
So we asked a simple question when we built Tallykins: do group expense apps actually need a login? We went looking for the honest answer — and it turned out to be more interesting than we expected.
Why most apps default to logins
When developers build an app that stores data, the instinctive move is to create an account system. It's the path of least architectural resistance — tie a user record to the data, and you're done. The problem is that this default gets applied universally, whether it's warranted or not.
A banking app needs to know who you are. A medical records app needs to know who you are. An app that helps eight friends split the cost of a long weekend? The case is much weaker than most developers stop to consider.
An app with no ads, no email marketing, and no interest in your spending behaviour has far less reason to demand your credentials. The login wall is often a business model decision, not a technical one.
What a login actually gives an expense app
It's worth separating the genuine technical need from the assumed one. Here's what requiring a login actually enables for a group expense app — and what it doesn't:
| Action | Needs a login? | Why |
|---|---|---|
| Joining a shared event as a participant | No | A code identifies the event. A screen name identifies the person within it. That's enough. |
| Adding expenses to a shared event | No | The organiser's account handles the cloud sync — participants don't need their own. |
| Viewing balances | No | Read access to shared data doesn't require individual identity verification. |
| Tracking a private local event | No | Data stored on your device doesn't need cloud identity at all. |
| Creating and managing a shared event | Yes | Someone needs to own the event in the cloud. An account anchors that responsibility. |
| Real-time sync across devices | Yes | Cloud sync needs an authenticated owner to know whose data is whose. |
The pattern is clear. If you're organising an event — creating it, managing it, syncing it across devices — some form of account is a genuine technical requirement. But if you're one of the friends joining, adding expenses, and checking balances, you don't need one. At all.
The difference between a login and linking an account
This distinction matters more than most people realise. There's a meaningful difference between:
- Creating a new login — choosing a username, inventing a password, verifying an email. You're handing credentials to yet another service that could lose them, misuse them, or one day cease to exist.
- Linking an existing account — using Sign in with Apple or Sign in with Google. No new password is created. Your credentials stay with Apple or Google. The app receives a secure token. One important distinction: Sign in with Apple lets you hide your email address entirely using a private relay address. Sign in with Google shares your Google email address with Tallykins via OAuth — though no password is ever involved.
OAuth — the technology behind Sign in with Apple and Sign in with Google — was designed specifically so that apps don't need to handle passwords. Your credentials never touch the app's systems. Apple goes further still: Sign in with Apple can generate a private relay email address, so you can authorise an app without revealing your real email address at all.
"The most private system isn't one with the best encryption. It's one that holds the least data to begin with."
How we approached it when building Tallykins
When we built Tallykins, we started from a straightforward conviction: you shouldn't have to trade your data just to split costs with friends. That's not a marketing position — it's a design principle that shaped every architectural decision we made.
We asked what the minimum viable data collection actually was. The answer looked like this:
- Participants joining a shared event A 6-digit invite code identifies the event. A screen name identifies the person within it. No email, no password — because none of those things are technically necessary.
- Free users with a private event Data lives entirely on-device. Nothing leaves the phone. No server, no cloud, no credentials required — because there's nothing to sync.
- Organisers creating a shared event A genuine technical requirement — someone needs to own the event in the cloud. But owning something in the cloud doesn't require creating a new password. It requires a verifiable identity, which Apple and Google already provide. One tap, no new credentials. If you sign in with Google, your Google email address is shared with Tallykins via OAuth. Apple users can opt to hide their email entirely.
Building this way was harder than taking the default route. A traditional account system is well-understood territory with established libraries and frameworks. Designing without that scaffolding meant solving problems from scratch — how to sync shared event data across participants with no individual user records, how to make a code-based join feel trustworthy, how to architect local-first storage with an optional cloud layer on top.
We made those choices because we believed the outcome was worth the effort. Not because it was easier.
If you want the full technical picture of what Tallykins collects and stores, our Privacy Policy sets it out plainly.
No ads. No login. Both for the same reason.
Tallykins has no advertising. That's not a separate decision from the login one — it's the same decision expressed twice.
Ad-supported apps need to identify users to serve targeted ads. Remove that business model, and the case for mandatory accounts largely disappears. The two things are connected: there's no login wall because there's no ad engine behind it, and there's no ad engine because we don't want to build a product that treats users as inventory.
Privacy isn't a feature we added, it's structural. The data mostly isn't there to misuse in the first place — and that's a more meaningful privacy guarantee than any policy document.
What this means in practice
If you're joining a Tallykins event as a participant, you will never be asked for an email address, a password, or any personal information. A 6-digit code from the organiser and a screen name of your choosing. That's the entirety of what's required.
If you're the organiser, you connect your existing Apple or Google account — one tap, no new password, your credentials never touching Tallykins systems. Apple users can hide their email address entirely.
As a free user your private events live on your device. Not on a server. Not somewhere that can be breached or sold.
🐾 Heading somewhere with patchy signal? No login is only half the story — see our guide to whether a group expense app actually works offline before you rely on it for a trip.
That's the whole model. Collect only what's necessary. Ask for nothing you don't genuinely need. Build the privacy in, rather than promising it afterwards.
No login. No password. No ads.
Fair splits with friends — built to respect your privacy from the ground up.
Frequently asked questions
Do I need a login to use a group expense tracker?
It depends on your role. With Tallykins, participants joining a shared event need no login at all — just a 6-digit join code and a screen name. The organiser who creates the shared event links an existing Apple or Google account via secure OAuth. No new username or password is ever created with Tallykins.
Is there a group expense app with no login required?
For participants joining a group event, Tallykins requires no login whatsoever — no email address, no password. You join with a 6-digit code and pick a screen name. That's it. The organiser uses Sign in with Apple or Sign in with Google — no new password required.
Why do most expense apps require a login?
Mostly because it's the default in app development, not because it's technically necessary. Apps that carry advertising need to identify users to serve targeted ads. Apps with email marketing need your address to reach you. Neither of those is a reason that benefits you — they benefit the app. An app with no ads and no interest in re-engagement has far less reason to ask for your credentials.
What is the difference between a login and OAuth?
A traditional login means creating a new username and password with the app itself. OAuth — such as Sign in with Apple or Sign in with Google — lets you authorise an app using an account you already have. Your credentials stay with Apple or Google; the app never sees your password. It's more secure and requires nothing new from you.
Can I track shared expenses without giving my email address?
With Tallykins, participants never provide an email address. Organisers who use Sign in with Apple can hide their email entirely using Apple's private relay. Organisers who use Sign in with Google will have their Google email address shared with Tallykins via OAuth — no new password is created, but the email is received. See our Privacy Policy for full details.
Is a no-login expense app less secure?
Not at all. Data that isn't collected can't be breached. Participants have no credentials to steal because none were ever created. Organisers use OAuth via Apple or Google, which is more secure than a password created for a small app. Private events are stored locally on-device and never leave your phone.