While many studies have looked at privacy properties of the Android and Google Play app ecosystem, comparatively little is known about iOS and the Apple App Store, the most widely used ecosystem in the US. At the same time, there is increasing competition around privacy between these smartphone operating system providers. In this paper, we present a study of 24k Android and iOS apps from 2020 along several dimensions relating to user privacy. We find that third-party tracking and the sharing of unique user identifiers were widespread in apps from both ecosystems, even in apps aimed at children. In the children's category, iOS apps tended to use less advertising-related tracking than their Android counterparts, but could more often access children's location. Across all studied apps, our study highlights widespread potential violations of US, EU and UK privacy law, including 1) the use of third-party tracking without user consent, 2) the lack of parental consent before sharing personally identifiable information (PII) with third parties in children's apps, 3) the non-data-minimising configuration of tracking libraries, 4) the sending of personal data to countries without an adequate level of data protection, and 5) the continued absence of transparency around tracking, partly due to design decisions by Apple and Google. Overall, we find that neither platform is clearly better than the other for privacy across the dimensions we studied.