Before and after GDPR: tracking in mobile apps

Konrad Kollnig; Reuben Binns; Max Van Kleek; Ulrik Lyngs; Jun Zhao,; Claudine Tinsman; Nigel Shadbolt

arXiv:2112.11117·cs.CY·December 22, 2021

Before and after GDPR: tracking in mobile apps

Konrad Kollnig, Reuben Binns, Max Van Kleek, Ulrik Lyngs, Jun Zhao,, Claudine Tinsman, Nigel Shadbolt

PDF

TL;DR

This study analyzes the impact of GDPR on third-party tracking in nearly two million Android apps, revealing limited changes post-regulation but indicating potential future shifts in tracking practices.

Contribution

It provides the first large-scale empirical analysis of GDPR's effect on mobile app tracking behavior using extensive app data.

Findings

01

Limited reduction in third-party tracking after GDPR

02

Tracking capabilities remain concentrated among few companies

03

Potential for upcoming changes in tracking practices

Abstract

Third-party tracking, the collection and sharing of behavioural data about individuals, is a significant and ubiquitous privacy threat in mobile apps. The EU General Data Protection Regulation (GDPR) was introduced in 2018 to protect personal data better, but there exists, thus far, limited empirical evidence about its efficacy. This paper studies tracking in nearly two million Android apps from before and after the introduction of the GDPR. Our analysis suggests that there has been limited change in the presence of third-party tracking in apps, and that the concentration of tracking capabilities among a few large gatekeeper companies persists. However, change might be imminent.

Peer Reviews

No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.

Videos

No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.