Losing Control to Data-Hungry Apps: A Mixed-Methods Approach to Mobile App Privacy. (August 2019)
- Record Type:
- Journal Article
- Title:
- Losing Control to Data-Hungry Apps: A Mixed-Methods Approach to Mobile App Privacy. (August 2019)
- Main Title:
- Losing Control to Data-Hungry Apps: A Mixed-Methods Approach to Mobile App Privacy
- Authors:
- Brandtzaeg, Petter Bae
Pultier, Antoine
Moen, Gro Mette - Abstract:
- Personal data from mobile apps are increasingly impacting users' lives and privacy perceptions. However, there is a scarcity of research addressing the combination of (1) individual perceptions of mobile app privacy, (2) actual dataflows in apps, and (3) how such perceptions and dataflows relate to actual privacy policies and terms of use in mobile apps. To address these limitations, we conducted an innovative mixed-methods study including a representative user survey in Norway, an analysis of personal dataflows in apps, and content analysis of privacy policies of 21 popular, free Android mobile apps. Our findings show that more than half the respondents in the user survey repeatedly had refrained from downloading or using apps to avoid sharing personal data. Our analysis of dataflows applied a novel methodology measuring activity in the apps over time (48 hr). The investigation showed that 19 of the 21 apps investigated transmitted personal data to a total of approximately 600 different primary and third-party domains. From an European perspective, it is particularly noteworthy that most of these domains were associated with tech companies in the United States, where privacy laws are less strict than companies operating from Europe. The investigation further revealed that some apps by default track and share user data continuously, even when the app is not in use. For some of these, the terms of use provided with the apps did not inform the users about the actual trackingPersonal data from mobile apps are increasingly impacting users' lives and privacy perceptions. However, there is a scarcity of research addressing the combination of (1) individual perceptions of mobile app privacy, (2) actual dataflows in apps, and (3) how such perceptions and dataflows relate to actual privacy policies and terms of use in mobile apps. To address these limitations, we conducted an innovative mixed-methods study including a representative user survey in Norway, an analysis of personal dataflows in apps, and content analysis of privacy policies of 21 popular, free Android mobile apps. Our findings show that more than half the respondents in the user survey repeatedly had refrained from downloading or using apps to avoid sharing personal data. Our analysis of dataflows applied a novel methodology measuring activity in the apps over time (48 hr). The investigation showed that 19 of the 21 apps investigated transmitted personal data to a total of approximately 600 different primary and third-party domains. From an European perspective, it is particularly noteworthy that most of these domains were associated with tech companies in the United States, where privacy laws are less strict than companies operating from Europe. The investigation further revealed that some apps by default track and share user data continuously, even when the app is not in use. For some of these, the terms of use provided with the apps did not inform the users about the actual tracking practice. A comparison of terms of use as provided in the studied apps with actual person dataflows as identified in the analysis disclosed that three of the apps shared data in violation with their provided terms of use. A possible solution for the mobile app industry, to strengthen user trust, is privacy by design through opt-in data sharing with the service and third parties and more granular information on personal data sharing practices. Also, based on the findings from this study, we suggest specific visualizations to enhance transparency of personal dataflows in mobile apps. A methodological contribution is that a mixed-methods approach strengthens our understanding of the complexity of privacy issues in mobile apps. … (more)
- Is Part Of:
- Social science computer review. Volume 37:Number 4(2019)
- Journal:
- Social science computer review
- Issue:
- Volume 37:Number 4(2019)
- Issue Display:
- Volume 37, Issue 4 (2019)
- Year:
- 2019
- Volume:
- 37
- Issue:
- 4
- Issue Sort Value:
- 2019-0037-0004-0000
- Page Start:
- 466
- Page End:
- 488
- Publication Date:
- 2019-08
- Subjects:
- privacy -- terms of use -- mobile apps -- trackers -- trust -- location data
Social sciences -- Data processing -- Periodicals
Computers -- Social aspects -- Periodicals
Microcomputers -- Periodicals
Sciences sociales -- Informatique -- Périodiques
Micro-ordinateurs -- Périodiques
300.285 - Journal URLs:
- http://journals.sagepub.com/home/ssc ↗
http://ssc.sagepub.com/ ↗
http://www.sagepublications.com/ ↗
http://firstsearch.oclc.org ↗
http://firstsearch.oclc.org/journal=0894-4393;screen=info;ECOIP ↗ - DOI:
- 10.1177/0894439318777706 ↗
- Languages:
- English
- ISSNs:
- 0894-4393
- Deposit Type:
- Legaldeposit
- View Content:
- Available online (eLD content is only available in our Reading Rooms) ↗
- Physical Locations:
- British Library DSC - BLDSS-3PM
British Library HMNTS - ELD Digital store - Ingest File:
- 11531.xml