How Decisions by Apple and Google obstruct App Privacy

Konrad Kollnig; Nigel Shadbolt

doi:10.26116/techreg.2023.002

How Decisions by Apple and Google obstruct App Privacy

Konrad Kollnig^*, Nigel Shadbolt^*

^*Corresponding author for this work

Research output: Contribution to journal › Article › Academic › peer-review

Abstract

Ample past research highlighted that privacy problems are widespread in mobile apps and can have disproportionate impacts on individuals. However, doing such research, especially through automated methods, remains hard and has become an arms race with those who engage in invasive data practices. This paper analyses how decisions by Apple and Google, the makers of the two primary app ecosystems (iOS and Android), currently hold back (automated) app privacy research and thereby create systemic risks that have previously not been systematically documented. Such an analysis is timely and pertinent since the newly enacted EU Digital Services Act (DSA) obliges Very Large Online Platforms to enable ‘vetted researchers’ to study systemic risks (Article 40) and to put in place reasonable, proportionate and effective mitigation measures against systemic risks (Article 35).

Original language	English
Pages (from-to)	10-21
Journal	Technology and Regulation
DOIs	https://doi.org/10.26116/techreg.2023.002
Publication status	Published - 26 Sept 2023

Keywords

app stores
Digital Services Act
privacy
data protection
online platforms
Apple
Google
iOS
Android
apps

Access to Document

10.26116/techreg.2023.002Licence: CC BY-NC-ND

Cite this

@article{5933d4e3fafd46fba223333f8802e17f,

title = "How Decisions by Apple and Google obstruct App Privacy",

abstract = "Ample past research highlighted that privacy problems are widespread in mobile apps and can have disproportionate impacts on individuals. However, doing such research, especially through automated methods, remains hard and has become an arms race with those who engage in invasive data practices. This paper analyses how decisions by Apple and Google, the makers of the two primary app ecosystems (iOS and Android), currently hold back (automated) app privacy research and thereby create systemic risks that have previously not been systematically documented. Such an analysis is timely and pertinent since the newly enacted EU Digital Services Act (DSA) obliges Very Large Online Platforms to enable {\textquoteleft}vetted researchers{\textquoteright} to study systemic risks (Article 40) and to put in place reasonable, proportionate and effective mitigation measures against systemic risks (Article 35).",

keywords = "app stores, Digital Services Act, privacy, data protection, online platforms, Apple, Google, iOS, Android, apps",

author = "Konrad Kollnig and Nigel Shadbolt",

year = "2023",

month = sep,

day = "26",

doi = "10.26116/techreg.2023.002",

language = "English",

pages = "10--21",

journal = "Technology and Regulation",

issn = "2666-139X",

publisher = "Tilburg University",

}

TY - JOUR

T1 - How Decisions by Apple and Google obstruct App Privacy

AU - Kollnig, Konrad

AU - Shadbolt, Nigel

PY - 2023/9/26

Y1 - 2023/9/26

N2 - Ample past research highlighted that privacy problems are widespread in mobile apps and can have disproportionate impacts on individuals. However, doing such research, especially through automated methods, remains hard and has become an arms race with those who engage in invasive data practices. This paper analyses how decisions by Apple and Google, the makers of the two primary app ecosystems (iOS and Android), currently hold back (automated) app privacy research and thereby create systemic risks that have previously not been systematically documented. Such an analysis is timely and pertinent since the newly enacted EU Digital Services Act (DSA) obliges Very Large Online Platforms to enable ‘vetted researchers’ to study systemic risks (Article 40) and to put in place reasonable, proportionate and effective mitigation measures against systemic risks (Article 35).

AB - Ample past research highlighted that privacy problems are widespread in mobile apps and can have disproportionate impacts on individuals. However, doing such research, especially through automated methods, remains hard and has become an arms race with those who engage in invasive data practices. This paper analyses how decisions by Apple and Google, the makers of the two primary app ecosystems (iOS and Android), currently hold back (automated) app privacy research and thereby create systemic risks that have previously not been systematically documented. Such an analysis is timely and pertinent since the newly enacted EU Digital Services Act (DSA) obliges Very Large Online Platforms to enable ‘vetted researchers’ to study systemic risks (Article 40) and to put in place reasonable, proportionate and effective mitigation measures against systemic risks (Article 35).

KW - app stores

KW - Digital Services Act

KW - privacy

KW - data protection

KW - online platforms

KW - Apple

KW - Google

KW - iOS

KW - Android

KW - apps

U2 - 10.26116/techreg.2023.002

DO - 10.26116/techreg.2023.002

M3 - Article

SN - 2666-139X

SP - 10

EP - 21

JO - Technology and Regulation

JF - Technology and Regulation

ER -