A recently published pre-print titled ‘GDPR and the Lost Generation of Innovative Apps’ observes that a third of apps on the Google Play Store disappeared from this app store around the introduction of the GDPR in May 2018. The authors deduce ‘that GDPR is the cause’. The effects of the GDPR on the app economy are an important field to study. Unfortunately, the paper currently lacks a control condition and a key variable. As a result, the effects on app exits reported in the paper are likely overestimated, as we will discuss. We believe there are other factors which may better explain these changes in the Play Store aside from the GDPR.
When analysing the privacy properties of apps, one often wants to grant all permissions to apps by default. This makes the subsequent analysis of apps easier, especially when done at scale.
On Android, it is super easy to install an app and automatically grant all app permissions. All is that is needed is the following command:
adb install -g [path to apk]
On iOS, no publicly documented method exists, which makes automated app analysis a lot harder.
This is especially true when large-scale analysis of iOS apps, as my colleagues and I at Oxford did in our recent paper on comparing Android and iOS (forthcoming at PETS).
In the following, I’d like to present a method to automatically grant all permissions to iOS apps. This will require a jailbroken iOS device with full shell and file system access.
Today, the European Parliament has adopted its position on the planned Digital Services Act (DSA).
This planned EU law aims to regulate key aspects of digital technologies, particularly the dominance of certain gatekeeper companies.
One key last-minute change to the Parliament’s position was the inclusion of several amendments restricting tracking-based ads. Specifically, the Parliament seeks to ban targeted advertising for minors, and limit the extent to which sensitive personal data – among which data revealing one’s religious and political beliefs – can be used in ad targeting.
These amendments on ad targeting were put forward by the Tracking-Free Ads Coalition, of which my TrackerControl app is a supporter.
The European Commission, Council and Parliament will now enter the trilogue stage of negotiations to reach a compromise between their positions. A compromise could already be reached by early spring.
It is with great honour that I’ve been informed that my paper ‘A Fait Accompli? An Empirical Study into the Absence of Consent to Third-Party Tracking in Android Apps’ was awarded this year’s Student Paper Award of the FPF Privacy Papers for Policymakers.
With this award, the Future of Privacy Forum (FPF) recognises leading privacy research and analytical work that is relevant to policymakers in the United States Congress, at US federal agencies, and data protection authorities internationally.
Back in September 2021, the UK government launched a public consultation on the planned reform of its data protection law. My research group at the University of Oxford has formulated a response to this consultation – a heroic team effort.
UK data protection law is currently modelled on EU requirements, particularly the GDPR from 2016 and the 2009 ePrivacy Directive. Following the UK’s withdrawal from the bloc, the government sees a wealth of new opportunities in the reform of the current legal requirements around the protection of personal data.