Are iPhones Really Better for Privacy? A Comparative Study of iOS and Android Apps

Kollnig, Konrad; Shuba, Anastasia; Binns, Reuben; Kleek, Max Van; Shadbolt, Nigel

doi:10.2478/popets-2022-0033

Cited by 44 publications

(65 citation statements)

References 36 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Programming techniques, such as the use of code obfuscation and native code, can pose further obstacles. This is especially true for iOS apps, which are often harder to decompile -compared to Android -and are encrypted by default [34]. While this iOS encryption might legitimately protect paid apps against privacy, Apple also encrypts all free apps downloaded from the App Store.…”

Section: Background 21 Related Workmentioning

confidence: 99%

“…Key reasons include the closed-source nature of the Apple ecosystem; the use of exotic, Apple-only programming tools (Xcode) and languages (Objective-C and Swift); as well as the encryption of iOS apps by default (Apple FairPlay DRM). The encryption of iOS apps by Apple -even of free ones -is particularly problematic for research efforts because it drives researchers into legal grey areas of copyright law [34]. As a result, recent work by Kollnig et al [34] was the first large-scale app privacy analysis study on iOS apps since 2013 [1].…”

Section: Background 21 Related Workmentioning

confidence: 99%

“…The encryption of iOS apps by Apple -even of free ones -is particularly problematic for research efforts because it drives researchers into legal grey areas of copyright law [34]. As a result, recent work by Kollnig et al [34] was the first large-scale app privacy analysis study on iOS apps since 2013 [1]. These authors managed to avoid legal problems relating to copyright law by conducting part of the analysis on-device through using the popular app instrumentation tool Frida.…”

Section: Background 21 Related Workmentioning

confidence: 99%

See 2 more Smart Citations

Goodbye Tracking? Impact of iOS App Tracking Transparency and Privacy Labels

Kollnig,

Shuba,

Van Kleek

et al. 2022

Preprint

Self Cite

View full text Add to dashboard Cite

Tracking is a highly privacy-invasive data collection practice that has been ubiquitous in mobile apps for many years due to its role in supporting advertising-based revenue models. In defence of user privacy, Apple introduced two significant changes with iOS 14: App Tracking Transparency (ATT), a mandatory opt-in system for enabling tracking on iOS, and Privacy Nutrition Labels, which disclose what kinds of data each app processes. So far, the impact of these changes on individual privacy and control has not been well understood. This paper addresses this gap by analysing two versions of 1,759 iOS apps from the UK App Store: one version from before iOS 14 and one that has been updated to comply with the new rules.We find that Apple's new policies, as promised, prevent the collection of the Identifier for Advertisers (IDFA), an identifier used to facilitate cross-app user tracking. Smaller data brokers, who used to engage in some of the most invasive data practices, will now face higher challenges in tracking users -a positive development for privacy. However, the number of tracking libraries has -on average -roughly stayed the same in the studied apps. Many apps still collect device information that can be used to track users at a group level (cohort tracking) or identify individuals probabilistically (fingerprinting). We find real-world evidence of apps computing and agreeing on a fingerprinting-derived identifier through the use of server-side code, thereby violating Apple's policies and exposing the limits of what ATT can do against tracking on iOS. This is especially concerning because we explicitly refused opt-in to tracking in our study, and consent is a legal requirement for tracking under EU and UK data protection law. We find that Apple itself engages in some forms of tracking and exempts invasive data practices like first-party tracking and credit scoring from its new rules. For example, Apple regularly collects the UDID (an identifier that has been inaccessible to other companies since 2013) and the device serial number (which is an identifier printed on the box of every Apple device and allows Apple to track the life cycle of Apple devices accurately). We also find that the new Privacy Nutrition Labels are sometimes inaccurate and misleading, especially in less popular apps.

show abstract

Section: Background 21 Related Workmentioning

confidence: 99%

Section: Background 21 Related Workmentioning

confidence: 99%

Section: Background 21 Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Goodbye Tracking? Impact of iOS App Tracking Transparency and Privacy Labels

Kollnig,

Shuba,

Van Kleek

et al. 2022

Preprint

Self Cite

View full text Add to dashboard Cite

show abstract

“…Paradoxically, the GDPR might actually contribute to the business models of large ad tech companies, by putting a market liberal ideology before the protection of personal data (Daly, 2020;Geradin et al, 2020;Gal & Aviv, 2020). At the same time, there is growing evidence that there are indeed widespread infringements of the GDPR and other data protection laws in the app ecosystem (Reyes et al, 2018;Zimmeck et al, 2019;Kollnig, 2019;Okoyomon et al, 2019;Kollnig, Binns et al, 2021;Kollnig et al, 2022).…”

Section: Challenges To the Effectiveness Of Gdprmentioning

confidence: 99%

“…While this paper focuses on Android apps and the Google Play Store, tracking is also widespread on iOS and the Apple App Store (J. Han et al, 2013;Kollnig et al, 2022).…”

Section: Limitations Our Work Has Certain Limitations the Analysis Of...mentioning

confidence: 99%

Before and after GDPR: tracking in mobile apps

Kollnig¹,

Binns²,

Kleek³

et al. 2021

Internet Policy Review

Self Cite

View full text Add to dashboard Cite

Third-party tracking, the collection and sharing of behavioural data about individuals, is a significant and ubiquitous privacy threat in mobile apps. The EU General Data Protection Regulation (GDPR) was introduced in 2018 to protect personal data better, but there exists, thus far, limited empirical evidence about its efficacy. This paper studies tracking in nearly two million Android apps from before and after the introduction of the GDPR. Our analysis suggests that there has been limited change in the presence of third-party tracking in apps, and that the concentration of tracking capabilities among a few large gatekeeper companies persists. However, change might be imminent.

show abstract

Hypernudging in the changing European regulatory landscape for digital markets

Morozovaite

2022

Policy & Internet

View full text Add to dashboard Cite

The European regulatory landscape for digital markets is undergoing a transformative change. There is an observed shift toward the protection of public values and fundamental rights, as the market mechanism and market values that traditionally led regulatory processes in digital markets seem to have fallen short. In the context of the user‐centric digital economy, a clear commitment to safeguarding citizens' interests is ever‐more salient. This article provides a comprehensive account of hypernudging—dynamically personalized user steering, which represents the next generation user influencing techniques online, with the potential to lead to multifaceted individual and collective harms. However, problematizing the phenomenon for digital policy purposes is not a straightforward task. Due to the complexity and opaqueness of its underlying mechanisms and effects, policymakers are operating under conditions of uncertainty, necessitating a shared understanding of what impact hypernudging has on users as well as crafting a shared vision of values that ought to be embedded and safeguarded in digital choice architectures. To highlight the developing European approach in relation to hypernudging, the assessment of the recent legislative initiatives—the Artificial Intelligence Act, the Digital Markets Act, and the Digital Services Act—showcases underlying learning opportunities for addressing emergent challenges.

show abstract

Are iPhones Really Better for Privacy? A Comparative Study of iOS and Android Apps

Cited by 44 publications

References 36 publications

Goodbye Tracking? Impact of iOS App Tracking Transparency and Privacy Labels

Goodbye Tracking? Impact of iOS App Tracking Transparency and Privacy Labels

Before and after GDPR: tracking in mobile apps

Hypernudging in the changing European regulatory landscape for digital markets

Contact Info

Product

Resources

About