Before and after GDPR: tracking in mobile apps

@article{Kollnig2021BeforeAA,
  title={Before and after GDPR: tracking in mobile apps},
  author={Konrad Kollnig and Reuben Binns and Max Van Kleek and Ulrik Lyngs and Jun Zhao and Claudine Tinsman and Nigel Shadbolt},
  journal={ArXiv},
  year={2021},
  volume={abs/2112.11117}
}
Third-party tracking, the collection and sharing of behavioural data about individuals, is a significant and ubiquitous privacy threat in mobile apps. The EU General Data Protection Regulation (GDPR) was introduced in 2018 to protect personal data better, but there exists, thus far, limited empirical evidence about its efficacy. This paper studies tracking in nearly two million Android apps from before and after the introduction of the GDPR. Our analysis suggests that there has been limited… 

TrackerControl: Transparency and Choice around App Tracking

Third-party tracking allows companies to collect users’ behavioural data, track their activity across digital devices, and potentially share this data with third-party companies. This can put deep

The Cost of the GDPR for Apps? Nearly Impossible to Study without Platform Data

A recently published pre-print titled ‘GDPR and the Lost Generation of Innovative Apps’ observes that a third of apps on the Google Play Store disappeared from this app store around the

Tracking on the Web, Mobile and the Internet-of-Things

  • R. Binns
  • Computer Science
    Found. Trends Web Sci.
  • 2022
This paper aims to introduce tracking on the web, smartphones, and the Internet of Things, to an audience with little or no previous knowledge, and aims to provide an overarching narrative spanning this large research space.

An (Un)Necessary Evil - Users' (Un)Certainty about Smartphone App Permissions and Implications for Privacy Engineering

It is demonstrated that users are uncertain about the necessity of granting app permissions for about half of the tested permission requests, resulting in a call for user protecting interventions by privacy engineers.

A Value-centered Exploration of Data Privacy and Personalized Privacy Assistants

This work utilizes Suzy Killmister’s Four-Dimensional Theory of Autonomy (4DT) to operationalize value-centered privacy decisions and assesses the degree to which an existing technology, personalized privacy assistants (PPAs), uses notices in a manner that allows for value-centered decision-making.

References

Tracking in apps' privacy policies

Data sharing across countries, payment models and platforms is compared, finding that only opening the policy webpages shares data with third-parties for 48.5% of policies, potentially violating the GDPR.

Third Party Tracking in the Mobile Ecosystem

It is found that most apps contain third party tracking, and the distribution of trackers is long-tailed with several highly dominant trackers accounting for a large portion of the coverage.

A Fait Accompli? An Empirical Study into the Absence of Consent to Third-Party Tracking in Android Apps

It is found that most apps engage in third-party tracking, but few obtained consent before doing so, indicating potentially widespread violations of EU and UK privacy law.

Apps, Trackers, Privacy, and Regulators: A Global Study of the Mobile Tracking Ecosystem

Automated methods to detect third-party advertising and tracking services at the traffic level are developed, and the business relationships between the providers of these services are uncovered, revealing them by their prevalence in the mobile and Web ecosystem.

Are iPhones Really Better for Privacy? A Comparative Study of iOS and Android Apps

It is found that third-party tracking and the sharing of unique user identifiers was widespread in apps from both ecosystems, even in apps aimed at children, and that neither platform is clearly better than the other for privacy across the dimensions the authors studied.

Better the Devil You Know: Exposing the Data Sharing Practices of Smartphone Apps

This mixed methods investigation examines the question of whether revealing key data collection practices of smartphone apps may help people make more informed privacy-related decisions, and designed and prototyped a new class of privacy indicators, called Data Controller Indicators (DCIs), that expose previously hidden information flows out of the apps.

Measuring Third-party Tracker Power across Web and Mobile

The results reveal that tracker prominence and parent–subsidiary relationships have significant impact on accurately measuring concentration, and a new approach is proposed to measure the concentration of tracking capability, based on the reach of a tracker on popular websites and apps.

Do You Get What You Pay For? Comparing the Privacy Behaviors of Free vs. Paid Apps

There is no clear evidence that paying for an app will guarantee protection from extensive data collection, and the degree to which “free” apps and their paid premium versions differ in their bundled code, their declared permissions, and their data collection behaviors and privacy practices is investigated.

On The Ridiculousness of Notice and Consent: Contradictions in App Privacy Policies

Analysis of 68,051 apps from the Google Play Store, their corresponding privacy policies, and observed data transmissions, investigates the potential misrepresentations of apps in the Designed For Families program, inconsistencies in disclosures regarding third-party data sharing, as well as contradictory disclosures about secure data transmissions.

Comparing Mobile Privacy Protection through Cross-Platform Applications

The first attempt to establish a baseline for security comparison between the two most popular mobile platforms is made and evidence suggests that Apple's application vetting process may not be as effective as Android's privilege notification mechanism, particularly in protecting sensitive resources from third-party applications.