We analyze the data collection strategies of 65,000 developers in the market for mobile applications and track 300,000 applications over four years. Many apps belong to developers with multiple apps. This fact generates variation in the privacy behaviors of the same developer for our analysis. We uncover three stylized facts: First, developers “learn” to use increasingly intrusive data strategies as they become more experienced. Second, intrusive data collection is most likely in apps that target the 13+, and 16+ age category, which raises concerns for the protection of young app consumers. Third, even within developers, critical and atypical permissions predict problematic usage of private user data most successfully. Our findings inform both regulators and scientists who wish to model supply in the market for mobile apps.
Kesler, Reinhold, Michael Kummer and Patrick Schulte (2017), Mobile Applications and Access to Private Data: The Supply Side of the Android Ecosystem, ZEW Discussion Paper No. 17-075, Mannheim.