Categories
General

The Market Power of App Stores

In July 2022, I gave a talk on our analysis of the efficacy of Apple’s new privacy measures on iOS.

The regulation and power of app stores is gaining increasing interests from regulators. This interested has been particularly spurred by Apple’s recent introduction of the App Tracking Transparency framework, which gives end-users more control over unwanted advertising-relating data collection, but also increases the price of targeted online ads on iOS (thereby potentially raising the prices of advertised products).

Since I have been doing much research into app ecosystems in my PhD at Oxford, I teamed up with my colleagues Reuben Binns and Nigel Shadbolt to submit evidence to the UK Competition and Markets authority in February 2022. This evidence has now been made public. The regulator has also published its final report on competition within the app ecosystem.

Our key recommendations were:

Categories
General

The EU must take on smartphone safety

For many years, Apple has been voraciously pushing back against sideloading and alternative app stores on its iOS system. Apple’s senior vice-president Craig Federigh even called sideloading the “cybercriminal’s best friend“. This, however, misses the point.

Categories
General

The Cost of the GDPR for Apps?

A recently published pre-print titled ‘GDPR and the Lost Generation of Innovative Apps’ observes that a third of apps on the Google Play Store disappeared from this app store around the introduction of the GDPR in May 2018. The authors deduce ‘that GDPR is the cause’. The effects of the GDPR on the app economy are an important field to study. Unfortunately, the paper currently lacks a control condition and a key variable. As a result, the effects on app exits reported in the paper are likely overestimated, as we will discuss. We believe there are other factors which may better explain these changes in the Play Store aside from the GDPR.

Categories
General

App Research: Granting Permissions on iOS

When analysing the privacy properties of apps, one often wants to grant all permissions to apps by default. This makes the subsequent analysis of apps easier, especially when done at scale.

On Android, it is super easy to install an app and automatically grant all app permissions. All is that is needed is the following command:

adb install -g [path to apk]

On iOS, no publicly documented method exists, which makes automated app analysis a lot harder.

This is especially true when large-scale analysis of iOS apps, as my colleagues and I at Oxford did in our recent paper on comparing Android and iOS (forthcoming at PETS).

In the following, I’d like to present a method to automatically grant all permissions to iOS apps. This will require a jailbroken iOS device with full shell and file system access.

Categories
General

Digital Services Act: Tracking-Based Ads

Today, the European Parliament has adopted its position on the planned Digital Services Act (DSA).

This planned EU law aims to regulate key aspects of digital technologies, particularly the dominance of certain gatekeeper companies.

One key last-minute change to the Parliament’s position was the inclusion of several amendments restricting tracking-based ads. Specifically, the Parliament seeks to ban targeted advertising for minors, and limit the extent to which sensitive personal data – among which data revealing one’s religious and political beliefs – can be used in ad targeting.

These amendments on ad targeting were put forward by the Tracking-Free Ads Coalition, of which my TrackerControl app is a supporter.

The European Commission, Council and Parliament will now enter the trilogue stage of negotiations to reach a compromise between their positions. A compromise could already be reached by early spring.

Categories
General

Winner of FPF Student Paper Award

It is with great honour that I’ve been informed that my paper ‘A Fait Accompli? An Empirical Study into the Absence of Consent to Third-Party Tracking in Android Apps’ was awarded this year’s Student Paper Award of the FPF Privacy Papers for Policymakers.

With this award, the Future of Privacy Forum (FPF) recognises leading privacy research and analytical work that is relevant to policymakers in the United States Congress, at US federal agencies, and data protection authorities internationally.