A Fait Accompli? An Empirical Study into the Absence of Consent to Third-Party Tracking in Android Apps

06/17/2021
by   Konrad Kollnig, et al.
0

Third-party tracking allows companies to collect users' behavioural data and track their activity across digital devices. This can put deep insights into users' private lives into the hands of strangers, and often happens without users' awareness or explicit consent. EU and UK data protection law, however, requires consent, both 1) to access and store information on users' devices and 2) to legitimate the processing of personal data as part of third-party tracking, as we analyse in this paper. This paper further investigates whether and to what extent consent is implemented in mobile apps. First, we analyse a representative sample of apps from the Google Play Store. We find that most apps engage in third-party tracking, but few obtained consent before doing so, indicating potentially widespread violations of EU and UK privacy law. Second, we examine the most common third-party tracking libraries in detail. While most acknowledge that they rely on app developers to obtain consent on their behalf, they typically fail to put in place robust measures to ensure this: disclosure of consent requirements is limited; default consent implementations are lacking; and compliance guidance is difficult to find, hard to read, and poorly maintained.

READ FULL TEXT
research
09/28/2021

Are iPhones Really Better for Privacy? Comparative Study of iOS and Android Apps

While many studies have looked at privacy properties of the Android and ...
research
12/21/2021

Before and after GDPR: tracking in mobile apps

Third-party tracking, the collection and sharing of behavioural data abo...
research
04/10/2018

Third Party Tracking in the Mobile Ecosystem

Third party tracking allows companies to identify users and track their ...
research
02/27/2023

Priorities for more effective tech regulation

Ample research has demonstrated that compliance with data protection pri...
research
03/12/2021

Automating the GDPR Compliance Assessment for Cross-border Personal Data Transfers in Android Applications

The General Data Protection Regulation (GDPR) aims to ensure that all pe...
research
06/12/2020

Building trust in digital policing: A scoping review of community policing apps

Perceptions of police trustworthiness are linked to citizens' willingnes...
research
02/07/2018

Measuring third party tracker power across web and mobile

Third-party networks collect vast amounts of data about users via web si...

Please sign up or login with your details

Forgot password? Click here to reset