Corpus ID: 235458342

A Fait Accompli? An Empirical Study into the Absence of Consent to Third-Party Tracking in Android Apps

  title={A Fait Accompli? An Empirical Study into the Absence of Consent to Third-Party Tracking in Android Apps},
  author={Konrad Kollnig and Reuben Binns and Pierre Dewitte and M. V. Kleek and Ge Wang and Daniel Omeiza and Helena Webb and N. Shadbolt},
  booktitle={SOUPS @ USENIX Security Symposium},
Third-party tracking allows companies to collect users’ behavioural data and track their activity across digital devices. This can put deep insights into users’ private lives into the hands of strangers, and often happens without users’ awareness or explicit consent. EU and UK data protection law, however, requires consent, both 1) to access and store information on users’ devices and 2) to legitimate the processing of personal data as part of third-party tracking, as we analyse in this paper… Expand
1 Citations

Figures and Tables from this paper

Examining Power Use and the Privacy Paradox between Intention vs. Actual Use of Mobile Applications
The prevalence of smartphones in our society warrants more research on understanding the characteristics of users and their information privacy behaviors when using mobile apps. This paperExpand


On The Ridiculousness of Notice and Consent: Contradictions in App Privacy Policies
The dominant privacy framework of the information age relies on notions of “notice and consent.” That is, service providers will disclose, often through privacy policies, their data collectionExpand
On Notice: The Trouble with Notice and Consent
This paper scrutinizes the use of ‘notice and consent’ to address privacy concerns in online behavioral advertising (OBA). It is part of a larger project with Dan Boneh, Arvind Narayanan, and VincentExpand
Better the Devil You Know: Exposing the Data Sharing Practices of Smartphone Apps
This mixed methods investigation examines the question of whether revealing key data collection practices of smartphone apps may help people make more informed privacy-related decisions, and designed and prototyped a new class of privacy indicators, called Data Controller Indicators (DCIs), that expose previously hidden information flows out of the apps. Expand
Apps, Trackers, Privacy, and Regulators: A Global Study of the Mobile Tracking Ecosystem
An automated methods to detect third-party advertising and tracking services at the traffic level are developed and the business relationships between the providers of these services are uncovered, revealing them by their prevalence in the mobile and Web ecosystem. Expand
Third Party Tracking in the Mobile Ecosystem
It is found that most apps contain third party tracking, and the distribution of trackers is long-tailed with several highly dominant trackers accounting for a large portion of the coverage. Expand
Do You Get What You Pay For? Comparing the Privacy Behaviors of Free vs. Paid Apps
There is no clear evidence that paying for an app will guarantee protection from extensive data collection, and the degree to which “free” apps and their paid premium versions differ in their bundled code, their declared permissions, and their data collection behaviors and privacy practices is investigated. Expand
User Tracking in the Post-cookie Era: How Websites Bypass GDPR Consent to Track Users
This paper explores whether websites use more persistent and sophisticated forms of tracking in order to track users who said they do not want cookies, and suggests that websites do use such modern forms oftracking even before users had the opportunity to register their choice with respect to cookies. Expand
“Money makes the world go around”: Identifying Barriers to Better Privacy in Children’s Apps From Developers’ Perspectives
It is revealed that developers largely respect children’s best interests; however, they have to make compromises due to limited monetisation options, perceived harmlessness of certain third-party libraries, and lack of availability of design guidelines. Expand
Mobile Privacy and Business-to-Platform Dependencies: An Analysis of SEC Disclosures
Activision Blizzard, Inc., which acquired Candy Crush Saga for $5.8 billion in 2016, sounded a warning in its latest filings with the Securities and Exchange Commission (SEC), about its dependency onExpand
“Won’t Somebody Think of the Children?” Examining COPPA Compliance at Scale
A scalable dynamic analysis framework is presented that allows for the automatic evaluation of the privacy behaviors of Android apps and shows that efforts by Google to limit tracking through the use of a resettable advertising ID have had little success. Expand