Delaying Informed Consent: An Empirical Investigation of Mobile Apps' Upgrade Decisions

Abstract

We study apps' decisions to upgrade to Android 6.0, which restricts their ability to seek blanket permissions to sensitive user information at download, instead requiring them to request a la carte permissions at run-time. Such a shift in Android’s permission-seeking policy comes in the wake of users’ proactive measures to protect their sensitive information. Mobile apps on Android had a choice of upgrading to Android 6.0 anytime over a three-year window instead of being forced to upgrade immediately. Given the choice of upgrading to version 6.0 that provides mobile apps with the latest platform features or staying with an earlier version that provides them with better access to user information, our study seeks to examine the upgrade decisions of apps in the Google Play Store. By analyzing a unique panel dataset comprising 13,604 of the most popular apps for 24 months, we find that apps that traditionally seek more permissions than those required for the app’s functionality, strategically delay upgrading. Specifically, we find that such upgrade delays are more likely when apps seek permissions for sensitive information that are used to serve targeted advertisements in-app. More importantly, we find that such strategic delaying of upgrades come at a cost to apps in terms of marketplace outcomes. We discuss the implications of our findings for app providers as well as platform operators.