As part of the analysis of apps from the Google Play Store, ZEW researchers collected information regarding the number of installations and prices, as well as the access rights of apps requested for installation. Overall, 136 different rights could be identified. 14 of these rights can be said to be detrimental to privacy protection. These rights include permission to "send data over the internet", to "identify the smartphone via a unique ID" and to "locate the user".
The study shows that around 40 per cent of all apps require that users grant app providers with at least one of these problematic rights. In fact, 28 per cent of apps are able to unambiguously identify the user via a unique ID. Furthermore, 24 per cent of all apps enable providers to locate the user, and an additional eight per cent provide access to the users' personal address book.
Apps for a lower price or for free in exchange for personal data
There is a trade-off between app prices and access rights to users' personal information. Less expensive apps tend to demand access rights to personal information more frequently and to a greater extent. While just above 50 per cent of free apps request such rights, only 20 percent of non-free apps do so. "This shows that free apps make greater use of rights which are considered to be problematic. On average, free apps request 2.3 such rights, while priced apps request only 1.7," says Patrick Schulte, one of the study's authors. The study therefore suggests that access to users' personal data has a value for providers such that it enables them to offer apps for a lower price, or even for free. The app providers' revenue is ultimately generated by selling products and services via that app. Alternatively, they may use personalised ads or trade using collected data.
In addition, the study analyses the degree to which users consider the issue of problematic access rights when deciding to buy or install an app. "Apps which demand critical rights are less frequently installed. Nevertheless, this effect is rather small and almost non-existent if app providers are already well-known. This indicates a reputation effect which makes users more ready to share sensitive information. On the other hand, a greater effect can be seen if users receive an explicit warning about the possible dangers of granting certain access rights," explains Schulte.
For further information please contact