Before and after GDPR: tracking in mobile apps

Third-party tracking, the collection and sharing of behavioural data about individuals, is a significant and ubiquitous privacy threat in mobile apps. The EU General Data Protection Regulation (GDPR) was introduced in 2018 to protect personal data better, but there exists, thus far, limited empirica...

Full description

Bibliographic Details
Main Authors: Kollnig, K, Binns, R, Van Kleek, M, Lyngs, U, Zhao, J, Tinsman, C, Shadbolt, N
Format: Journal article
Language:English
Published: Alexander von Humboldt Institute for Internet and Society 2021
Description
Summary:Third-party tracking, the collection and sharing of behavioural data about individuals, is a significant and ubiquitous privacy threat in mobile apps. The EU General Data Protection Regulation (GDPR) was introduced in 2018 to protect personal data better, but there exists, thus far, limited empirical evidence about its efficacy. This paper studies tracking in nearly two million Android apps from before and after the introduction of the GDPR. Our analysis suggests that there has been limited change in the presence of third-party tracking in apps, and that the concentration of tracking capabilities among a few large gatekeeper companies persists. However, change might be imminent.