Tracking in apps' privacy policies
Konrad Kollnig

TL;DR
This study analyzes privacy policies of mobile apps post-GDPR, revealing widespread data sharing with third parties and non-compliance issues, and investigates developer responses to privacy inquiries.
Contribution
It provides a large-scale analysis of privacy policies and developer responses, highlighting compliance gaps and data sharing practices across platforms and countries.
Findings
For 48.5% of policies, merely opening the policy webpage shares data with third parties
23% of contacted developers (12 of 52) failed to respond to privacy inquiries
Significant variation in data sharing across countries and platforms
Abstract
Data protection law, including the General Data Protection Regulation (GDPR), usually requires a privacy policy before data can be collected from individuals. We analysed 15,145 privacy policies from 26,910 mobile apps in May 2019 (about one year after the GDPR came into force), finding that only opening the policy webpages shares data with third parties for 48.5% of policies, potentially violating the GDPR. We compare this data sharing across countries, payment models (free, in-app-purchases, paid) and platforms (Google Play Store, Apple App Store). We further contacted 52 developers of apps that did not provide a privacy policy, and asked them about their data practices. Despite being legally required to answer such queries, 12 developers (23%) failed to respond.
Taxonomy
Topics: Advanced Malware Detection Techniques · Privacy, Security, and Data Protection · Digital and Cyber Forensics
