Did App Privacy Improve After the GDPR?

  title={Did App Privacy Improve After the GDPR?},
  author={Nurul Momen and Majid Hatamian and Lothar Fritsch},
  journal={IEEE Security \& Privacy},
In this article, we present an analysis of app behavior before and after the regulatory change in data protection in Europe. Our data shows that app privacy has moderately improved after the implementation of the General Data Protection Regulation. 

Figures from this paper

Protected how? Problem representations of risk in the General Data Protection Regulation (GDPR)
Surveillance practices such as the tracking, collection and profiling of individuals and institutions have the potential to undermine the healthy functioning of democratic systems.
GDPR and the Lost Generation of Innovative Apps
The General Data Protection Regulation (GDPR), enacted with the goal of protecting user privacy, imposed compliance costs on app developers and may have inhibited revenue generation. Using data on
How do app vendors respond to subject access requests? A longitudinal privacy study on iOS and Android Apps
The results indicate that subject access request handling will be unsatisfactory as long as vendors accept such requests via email and process them manually.
A Study on User Preference: Influencing App Selection Decision with Privacy Indicator
It is shown that impact of a privacy indicator on app selection behavior has statistical significance and such privacy preserving behavior can be invoked by mere presence of the indicator.
GDPR and the Lost Generation of Innovative Apps
Using data on 4.1 million apps at the Google Play Store from 2016 to 2019, we document that GDPR induced the exit of about a third of available apps; and in the quarters following implementation,
App-generated digital identities extracted through Android permission-based data access - a survey of app privacy
An attempt is made to identify, profile and track the device users when mapped into digital identity management systems (DIMS).
Accept - Maybe - Decline: Introducing Partial Consent for the Permission-based Access Control Model of Android
The possibility of registering conditional consent which could potentially increase trust in data sharing is examined and the possibilities to integrate it within the access control model of Android by introducing an additional button in the interface are looked into.
A privacy and security analysis of early-deployed COVID-19 contact tracing Android apps
This study analyzes the privacy and security performance of 28 contact tracing apps available on Android platform from various perspectives, including their code’s privileges, promises made in their privacy policies, and static and dynamic performances and quantifies the impact of these apps on users’ privacy.
A Cross-Platform Evaluation of Privacy Notices and Tracking Practices
  • M. Mehrnezhad
  • Computer Science
    2020 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)
  • 2020
The results show that the privacy consent banner is presented to the user in various and inconsistent ways across websites, browsers, and mobile apps, where the majority of these consent notices do not comply with the GDPR.
Narrowing Data Protection's Enforcement Gap
  • F. Lancieri
  • Political Science
    SSRN Electronic Journal
  • 2021
The rise of data protection laws is one of the most profound legal changes of this century. Yet, despite their nominal force and widespread adoption, available data indicates that these laws


Derived Partial Identities Generated from App Permissions
This article presents a model of partial identities derived from app permissions that is based on Pfitzmann and Hansen’s terminology for privacy [PH10]. The article first shows how app permissions ...
Privacy dark patterns in identity management
This article presents three privacy dark patterns observed in identity management, software design patterns that intentionally violate requirements in the given case privacy requ ...
Towards Measuring Apps' Privacy-Friendliness
Today's phone could be described as a charismatic tool that has the ability to keep human beings captivated for a considerable amount of their precious time. Users remain in the illusory wonderland
Longitudinal Analysis of Android Ad Library Permissions
It is found that the use of most permissions has increased over the last several years, and that more libraries are able to use permissions that pose particular risks to user privacy and security.
KAUDroid : A tool that will spy on applications and how they spy on their users
Our mobile phone is today our most precious and condential partof us. In many cases we do not only share phone number with it, butalso our most private information. This information is to some exte
A Conundrum of Permissions: Installing Applications on an Android Smartphone
It is found that the permissions displays are generally viewed and read, but not understood by Android users, and users are not currently well prepared to make informed privacy and security decisions around installing applications.
On Software Regulation
This Article develops a novel analytic framework for the evaluation of regulatory policy in cyberspace, flowing from a reconceptualization of cyberlaw's central premise: software code as
FAIR: Fuzzy Alarming Index Rule for Privacy Analysis in Smartphone Apps
An app behaviour monitoring tool is implemented that collects information about access to sensitive resources by each installed app, and a privacy risk score is calculated using a fuzzy logic based approach that considers type, number and frequency of access on resources.
How Much Privilege Does an App Need? Investigating Resource Usage of Android Apps (Short Paper)
A plausible requirement for visualising resource usage is illustrated to aid the user in their decisionmaking and finer access control mechanisms by apps installed on Android devices.
Revealing the unrevealed: Mining smartphone users privacy perception on app markets