Tracking in apps' privacy policies
This highlights widespread non-compliance with data protection laws like GDPR, affecting app users' privacy.
The study analyzed 15,145 privacy policies from mobile apps and found that 48.5% of policies share data with third parties just by opening the webpage, potentially violating GDPR, and 23% of developers failed to respond to data practice queries.
Data protection law, including the General Data Protection Regulation (GDPR), usually requires a privacy policy before data can be collected from individuals. We analysed 15,145 privacy policies from 26,910 mobile apps in May 2019 (about one year after the GDPR came into force), finding that only opening the policy webpages shares data with third-parties for 48.5% of policies, potentially violating the GDPR. We compare this data sharing across countries, payment models (free, in-app-purchases, paid) and platforms (Google Play Store, Apple App Store). We further contacted 52 developers of apps, which did not provide a privacy policy, and asked them about their data practices. Despite being legally required to answer such queries, 12 developers (23%) failed to respond.