Are iPhones Really Better for Privacy? A Comparative Study of iOS and Android Apps

Konrad Kollnig, Anastasia Shuba, Reuben Binns, Max Van Kleek, Nigel Shadbolt. Proceedings on Privacy Enhancing Technologies, pages 6-24.

Abstract: While many studies have looked at privacy properties of the Android and Google Play app ecosystem, comparatively much less is known about iOS and the Apple App Store, the most widely used ecosystem in the US. At the same time, there is increasing competition around privacy between these smartphone operating system providers. In this paper, we present a study of 24k Android and iOS apps from 2020 along several dimensions relating to user privacy. We find that third-party tracking and…


An empirical study of privacy labels on the Apple iOS mobile app store

A large-scale empirical study collecting and analyzing the privacy labels of 17,312 apps and observing that the newly introduced measures resulted in a statistically significant decrease in the number of apps that collect data for tracking purposes, and at the same time, a growth in overall data collection.

The Price to Play: A Privacy Analysis of Free and Paid Games in the Android Ecosystem

A pipeline is introduced that collects both free and paid games and the static analysis provided by the Exodus audit platform is used to detect the trackers present in them, showing that paying for a game does not necessarily shield users from data collection.

Imagining, Studying and Realising A Less Harmful App Ecosystem

This work investigates mobile app extensions, a previously underexplored concept to study and address digital harms within mobile apps in a decentralised, community-driven way, and presents a ready-to-use implementation for Android as a result of significant and careful system development.

Goodbye Tracking? Impact of iOS App Tracking Transparency and Privacy Labels

Analyzing two versions of 1,759 iOS apps from the UK App Store suggests that, while Apple’s changes make tracking individual users more difficult, they motivate a countermovement, and reinforce existing market power of gatekeeper companies with access to large troves of first-party data.

Longitudinal Analysis of Privacy Labels in the Apple App Store

It is found that because many apps indicate that they do not collect any data, even apps that would seem likely to collect or link data, trusting the veracity of privacy labels is still an open question.

Developers Say the Darnedest Things: Privacy Compliance Processes Followed by Developers of Child-Directed Apps

We investigate the privacy compliance processes followed by developers of child-directed mobile apps. While children’s online privacy laws have existed for decades in the US, prior research found

Keeping Privacy Labels Honest

This work takes an in-depth look at the privacy labels and how they relate to actual transmitted data, evaluates the apps’ adherence to the GDPR in respect of providing a privacy consent form, through collected screenshots, and identifies numerous potential violations of the directive.

Understanding iOS Privacy Nutrition Labels: An Exploratory Large-Scale Analysis of App Store Data

The first measurement study of Apple privacy nutrition labels is presented to understand how apps on the U.S. App Store create and update privacy labels and suggest that inactive apps have little incentive to create privacy labels.

Before and after GDPR: tracking in mobile apps

It is suggested that there has been limited change in the presence of third-party tracking in apps, and that the concentration of tracking capabilities among a few large gatekeeper companies persists; however, change might be imminent.

KOALA Hero: Inform Children of Privacy Risks of Mobile Apps

Instead of regarding children as passive users needing protection, this work draws on critical digital literacy theories and designs a KOALA Hero app, which aims to enhance children’s cognitive, situated and critical thinking of datafication and online data privacy risks.



Better the Devil You Know: Exposing the Data Sharing Practices of Smartphone Apps

This mixed methods investigation examines the question of whether revealing key data collection practices of smartphone apps may help people make more informed privacy-related decisions, and designed and prototyped a new class of privacy indicators, called Data Controller Indicators (DCIs), that expose previously hidden information flows out of the apps.

Does this App Really Need My Location?

This paper presents the design and implementation of ProtectMyPrivacy (PmP) for Android, which can detect critical contextual information at runtime when privacy-sensitive data accesses occur and infers the purpose of the data access, i.e. whether the data access is by a third-party library or by the app itself for its functionality.

Comparing Mobile Privacy Protection through Cross-Platform Applications

The first attempt to establish a baseline for security comparison between the two most popular mobile platforms is made and evidence suggests that Apple's application vetting process may not be as effective as Android's privilege notification mechanism, particularly in protecting sensitive resources from third-party applications.

Do You Get What You Pay For? Comparing the Privacy Behaviors of Free vs. Paid Apps

There is no clear evidence that paying for an app will guarantee protection from extensive data collection, and the degree to which “free” apps and their paid premium versions differ in their bundled code, their declared permissions, and their data collection behaviors and privacy practices is investigated.

Apps, Trackers, Privacy, and Regulators: A Global Study of the Mobile Tracking Ecosystem

Automated methods to detect third-party advertising and tracking services at the traffic level are developed and the business relationships between the providers of these services are uncovered, revealing them by their prevalence in the mobile and Web ecosystem.

CRiOS: Toward Large-Scale iOS Application Analysis

The average iOS application consists of 60.2% library classes and only 39.8% developer-authored content, and it is found that 9.32% of referenced network connection endpoints either entirely omit to cryptographically protect network communications or present untrustworthy SSL certificates.

A Fait Accompli? An Empirical Study into the Absence of Consent to Third-Party Tracking in Android Apps

It is found that most apps engage in third-party tracking, but few obtained consent before doing so, indicating potentially widespread violations of EU and UK privacy law.

ProtectMyPrivacy: detecting and mitigating privacy leaks on iOS devices using crowdsourcing

A novel crowdsourced recommendation engine driven by users who contribute their protection decisions, which provides app-specific privacy recommendations, and shows the effectiveness of its recommendation engine with users accepting 67.1% of all recommendations provided to them, thereby helping them make informed privacy choices.

Dr. Android and Mr. Hide: fine-grained permissions in android applications

A suite of tools is developed that allows fine-grained permissions to be inferred on existing apps; to be enforced by developers on their own apps; and to be retrofitted by users to increase security of existing apps without affecting functionality.

“Money makes the world go around”: Identifying Barriers to Better Privacy in Children’s Apps From Developers’ Perspectives

It is revealed that developers largely respect children’s best interests; however, they have to make compromises due to limited monetisation options, perceived harmlessness of certain third-party libraries, and lack of availability of design guidelines.