Before and after GDPR: tracking in mobile apps

Konrad Kollnig; Reuben Binns; Max Van Kleek; Ulrik Lyngs; Jun Zhao; Claudine Tinsman; Nigel Shadbolt

doi:10.14763/2021.4.1611

Before and after GDPR: tracking in mobile apps

Konrad Kollnig^*, Reuben Binns, Max Van Kleek, Ulrik Lyngs, Jun Zhao, Claudine Tinsman, Nigel Shadbolt

^*Corresponding author for this work

Research output: Contribution to journal › Article › Academic › peer-review

Abstract

Third-party tracking, the collection and sharing of behavioural data about individuals, is a significant and ubiquitous privacy threat in mobile apps. The EU General Data Protection Regulation (GDPR) was introduced in 2018 to protect personal data better, but there exists, thus far, limited empirical evidence about its efficacy. This paper studies tracking in nearly two million Android apps from before and after the introduction of the GDPR. Our analysis suggests that there has been limited change in the presence of third-party tracking in apps, and that the concentration of tracking capabilities among a few large gatekeeper companies persists. However, change might be imminent.

Original language	English
Pages (from-to)	1-30
Number of pages	30
Journal	Internet Policy Review
Volume	10
Issue number	4
DOIs	https://doi.org/10.14763/2021.4.1611
Publication status	Published - 2021
Externally published	Yes

Access to Document

10.14763/2021.4.1611Licence: CC BY

https://dblp.org/rec/journals/intpolrev/KollnigBKLZTS21

Cite this

@article{b7f156602e2a47d7bc05f68600bef828,

title = "Before and after GDPR: tracking in mobile apps",

abstract = "Third-party tracking, the collection and sharing of behavioural data about individuals, is a significant and ubiquitous privacy threat in mobile apps. The EU General Data Protection Regulation (GDPR) was introduced in 2018 to protect personal data better, but there exists, thus far, limited empirical evidence about its efficacy. This paper studies tracking in nearly two million Android apps from before and after the introduction of the GDPR. Our analysis suggests that there has been limited change in the presence of third-party tracking in apps, and that the concentration of tracking capabilities among a few large gatekeeper companies persists. However, change might be imminent.",

author = "Konrad Kollnig and Reuben Binns and Kleek, {Max Van} and Ulrik Lyngs and Jun Zhao and Claudine Tinsman and Nigel Shadbolt",

note = "DBLP's bibliographic metadata records provided through http://dblp.org/search/publ/api are distributed under a Creative Commons CC0 1.0 Universal Public Domain Dedication. Although the bibliographic metadata records are provided consistent with CC0 1.0 Dedication, the content described by the metadata records is not. Content may be subject to copyright, rights of privacy, rights of publicity and other restrictions.",

year = "2021",

doi = "10.14763/2021.4.1611",

language = "English",

volume = "10",

pages = "1--30",

journal = "Internet Policy Review",

publisher = "Alexander von Humboldt Institut f{\"u}r Internet und Gesellschaft",

number = "4",

}

TY - JOUR

T1 - Before and after GDPR: tracking in mobile apps

AU - Kollnig, Konrad

AU - Binns, Reuben

AU - Kleek, Max Van

AU - Lyngs, Ulrik

AU - Zhao, Jun

AU - Tinsman, Claudine

AU - Shadbolt, Nigel

N1 - DBLP's bibliographic metadata records provided through http://dblp.org/search/publ/api are distributed under a Creative Commons CC0 1.0 Universal Public Domain Dedication. Although the bibliographic metadata records are provided consistent with CC0 1.0 Dedication, the content described by the metadata records is not. Content may be subject to copyright, rights of privacy, rights of publicity and other restrictions.

PY - 2021

Y1 - 2021

N2 - Third-party tracking, the collection and sharing of behavioural data about individuals, is a significant and ubiquitous privacy threat in mobile apps. The EU General Data Protection Regulation (GDPR) was introduced in 2018 to protect personal data better, but there exists, thus far, limited empirical evidence about its efficacy. This paper studies tracking in nearly two million Android apps from before and after the introduction of the GDPR. Our analysis suggests that there has been limited change in the presence of third-party tracking in apps, and that the concentration of tracking capabilities among a few large gatekeeper companies persists. However, change might be imminent.

AB - Third-party tracking, the collection and sharing of behavioural data about individuals, is a significant and ubiquitous privacy threat in mobile apps. The EU General Data Protection Regulation (GDPR) was introduced in 2018 to protect personal data better, but there exists, thus far, limited empirical evidence about its efficacy. This paper studies tracking in nearly two million Android apps from before and after the introduction of the GDPR. Our analysis suggests that there has been limited change in the presence of third-party tracking in apps, and that the concentration of tracking capabilities among a few large gatekeeper companies persists. However, change might be imminent.

U2 - 10.14763/2021.4.1611

DO - 10.14763/2021.4.1611

M3 - Article

VL - 10

SP - 1

EP - 30

JO - Internet Policy Review

JF - Internet Policy Review

IS - 4

ER -

Before and after GDPR: tracking in mobile apps

Abstract

Access to Document

Fingerprint

Cite this