Abstract
The prevalent use of mobile applications (apps) involves the dissemination of personally identifiable user data by apps in ways that could have adverse privacy implications for the apps’ users. More so, even when privacy policies are provided as a safeguard to user privacy, apps’ data handling practices may not comply with the apps’ privacy commitments as stated in their privacy policies. We conducted an assessment of the extent to which apps’ data practices matched their privacy policies. This study provides an exploratory comparison of Android and iOS apps’ privacy compliance. Our findings show potential sensitive user data flows from apps in ways that do not match the apps’ privacy policies and further, that neither Android nor iOS app data handling practices fully comply with their privacy policies.
Highlights
Mobile applications handle unprecedented quantities of user data
Considering the overall figures of user data handled by the Android and iOS apps, the data attributes most collected and disseminated by Android were; address (15), email (15) and name (15) i.e. these three user data attribute were collected by all the Android apps in our study since the study involved fifteen Android apps
While our study investigated the extent of compliance between the Android and iOS apps’ data dissemination against their privacy policies, a related study by [24], compared Android and iOS likelihood to disseminate users’ personally identifiable information in a manner not reflected by the permissions request at the apps’ download, they found that Android was more likely to disseminate personal data in a way a way that breached the requested permissions
Summary
Mobile applications (apps) handle unprecedented quantities of user data. App users offer or entrust diverse personal data to organizations and traders. The data provided by users may be sensitive such as personally identifiable information (personal data) which is data that can be linked back to the owner or source for example; user name, email, telephone number, gender, age, social security number, card number etc. Non-personal data is deemed unidentifiable data and can be aggregated for various purposes. User data is provided with the confidence that users’ data privacy (information privacy) will be maintained by limiting data utility to the specified purposes. Notwithstanding, gaps have been observed in privacy practices as research shows the fact that apps can communicate users’ personal data to third parties without users’ knowledge or consent [2]
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
