A Fait Accompli? An Empirical Study into the Absence of Consent to Third-Party Tracking in Android Apps

by   Konrad Kollnig, et al.

Third-party tracking allows companies to collect users' behavioural data and track their activity across digital devices. This can put deep insights into users' private lives into the hands of strangers, and often happens without users' awareness or explicit consent. EU and UK data protection law, however, requires consent, both 1) to access and store information on users' devices and 2) to legitimate the processing of personal data as part of third-party tracking, as we analyse in this paper. This paper further investigates whether and to what extent consent is implemented in mobile apps. First, we analyse a representative sample of apps from the Google Play Store. We find that most apps engage in third-party tracking, but few obtained consent before doing so, indicating potentially widespread violations of EU and UK privacy law. Second, we examine the most common third-party tracking libraries in detail. While most acknowledge that they rely on app developers to obtain consent on their behalf, they typically fail to put in place robust measures to ensure this: disclosure of consent requirements is limited; default consent implementations are lacking; and compliance guidance is difficult to find, hard to read, and poorly maintained.


Are iPhones Really Better for Privacy? Comparative Study of iOS and Android Apps

While many studies have looked at privacy properties of the Android and ...

Before and after GDPR: tracking in mobile apps

Third-party tracking, the collection and sharing of behavioural data abo...

Third Party Tracking in the Mobile Ecosystem

Third party tracking allows companies to identify users and track their ...

Priorities for more effective tech regulation

Ample research has demonstrated that compliance with data protection pri...

Automating the GDPR Compliance Assessment for Cross-border Personal Data Transfers in Android Applications

The General Data Protection Regulation (GDPR) aims to ensure that all pe...

Building trust in digital policing: A scoping review of community policing apps

Perceptions of police trustworthiness are linked to citizens' willingnes...

Measuring third party tracker power across web and mobile

Third-party networks collect vast amounts of data about users via web si...

Please sign up or login with your details

Forgot password? Click here to reset