By default - each dedicated user ID should have their own My Work stream and should not see other individuals work unless they are the owner of that work. Can you check the apps in question and see who the owner is. The only way I see this to be possible is that is an ID is being shared.
Let us know more and provide steps and screenshots to supplement the troubleshooting, thanks.
Please mark the appropriate replies as correct or helpful so our team and other members know that your question has been answered to your satisfaction.
The only way I see this to be possible is that is an ID is being shared.
To follow up from Michael here, I've also seen this be due to altered security rules. To debug this is tricky since it will have to involve disabling security rules, but the first pass should be to perform an audit in the QMC of a given user (e.g. John.Smith) and an unpublished application owned by another users (e.g. Sales). That'll likely point to the read rights being provided from a customized security rule.