Advertisement

Which Apps Have Privacy Policies?

An Analysis of Over One Million Google Play Store Apps
  • Peter StoryEmail author
  • Sebastian Zimmeck
  • Norman Sadeh
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11079)

Abstract

Smartphone app privacy policies are intended to describe smartphone apps’ data collection and use practices. However, not all apps have privacy policies. Without prominent privacy policies, it becomes more difficult for users, regulators, and privacy organizations to evaluate apps’ privacy practices. We answer the question: “Which apps have privacy policies?” by analyzing the metadata of over one million apps from the Google Play Store. Only about half of the apps we examined link to a policy from their Play Store pages. First, we conducted an exploratory data analysis of the relationship between app metadata features and whether apps link to privacy policies. Next, we trained a logistic regression model to predict the probability that individual apps will have policy links. Finally, by comparing three crawls of the Play Store, we observe an overall-increase in the percent of apps with links between September 2017 and May 2018 (from 41.7% to 51.8%).

Keywords

Privacy Privacy policy Smartphone Smartphone apps 

References

  1. 1.
    Almuhimedi, H., Schaub, F., Sadeh, N., Adjerid, I.: Your location has been shared 5,398 times!: A field study on mobile app privacy nudging. In: Proceedings of the 33rd Annual ACM Conference on Human Factors in Computing Systems (2015).  https://doi.org/10.1145/2702123.2702210, http://dl.acm.org/citation.cfm?id=2702210
  2. 2.
    Balebako, R., Marsh, A., Lin, J., Hong, J.I., Cranor, L.F.: The privacy and security behaviors of smartphone app developers. In: Workshop on Usable Security (2014). http://repository.cmu.edu/hcii/265/
  3. 3.
    Blenner, S.R., Kollmer, M., Rouse, A.J., Daneshvar, N., Williams, C., Andrews, L.B.: Privacy policies of android diabetes apps and sharing of health information. JAMA 315(10), 1051–1052 (2016).  https://doi.org/10.1001/jama.2015.19426. http://jama.jamanetwork.com/article.aspx?doi=10.1001/jama.2015.19426CrossRefGoogle Scholar
  4. 4.
    Bouchard, B., Suzuki, K.: Find great apps and games on Google Play with the editors’ choice update, July 2017. https://www.blog.google/products/google-play/find-great-apps-and-games-google-play-editors-choice-update/. Accessed 20 May 2018
  5. 5.
    Clark, B.: Millions of apps could soon be purged from Google Play Store, February 2017. https://thenextweb.com/google/2017/02/08/millions-apps-soon-purged-google-play-store/. Accessed 20 May 2018
  6. 6.
    scikit-learn developers: sklearn.linear model.logisticregression. http://scikit-learn.org/stable/modules/generated/sklearn.linear_model.LogisticRegression.html. Accessed 20 May 2018
  7. 7.
    scikit-learn developers: sklearn.linear model.sgdclassifier. http://scikit-learn.org/stable/modules/generated/sklearn.linear_model.SGDClassifier.html. Accessed 20 May 2018
  8. 8.
    scikit-learn developers: sklearn.preprocessing.standardscaler. http://scikit-learn.org/stable/modules/generated/sklearn.preprocessing.StandardScaler.html. Accessed 20 May 2018
  9. 9.
    scikit-learn developers: Stochastic gradient descent: Tips on practical use. http://scikit-learn.org/stable/modules/sgd.html#tips-on-practical-use. Accessed 20 May 2018
  10. 10.
    scikit-learn developers: Choosing the right estimator (2017). http://scikit-learn.org/stable/tutorial/machine_learning_map/index.html. Accessed 20 May 2018
  11. 11.
    d’Heureuse, N., Huici, F., Arumaithurai, M., Ahmed, M., Papagiannaki, K., Niccolini, S.: What’s app?: A wide-scale measurement study of smart phone markets. dl.acm.org. https://dl.acm.org/citation.cfm?id=2396759
  12. 12.
    Entertainment Software Rating Board (ESRB): ESRB ratings guide (2015). https://www.esrb.org/ratings/ratings_guide.aspx. Accessed 20 May 2018
  13. 13.
    Fahey, K.: Recognizing android excellence on Google Play, June 2017. https://android-developers.googleblog.com/2017/06/recognizing-android-excellence-on.html. Accessed 20 May 2018
  14. 14.
    Federal Trade Commission: Mobile privacy disclosures, February 2013. https://www.ftc.gov/os/2013/02/130201mobileprivacyreport.pdf. Accessed 20 May 2018
  15. 15.
    Federal Trade Commission: Children’s Online Privacy Protection Rule (“COPPA”), August 2015. https://www.ftc.gov/enforcement/rules/rulemaking-regulatory-reform-proceedings/childrens-online-privacy-protection-rule. Accessed 20 May 2018
  16. 16.
    FTC: Privacy online: a report to congress, June 1998. https://www.ftc.gov/reports/privacy-online-report-congress. Accessed 20 May 2018
  17. 17.
    Google: Designed for families. https://developer.android.com/distribute/google-play/families.html. Accessed 20 May 2018
  18. 18.
    Google: Content ratings for apps & games. https://support.google.com/googleplay/android-developer/answer/188189?hl=en (2017). Accessed 20 May 2018
  19. 19.
    Google: Ratings questionnaire help (2017). https://support.google.com/googleplay/android-developer/topic/6169305?hl=en&ref_topic=6159951. Accessed 20 May 2018
  20. 20.
    Google: Requesting permissions (2017). https://developer.android.com/guide/topics/permissions/requesting.html. Accessed 20 May 2018
  21. 21.
    California Department of Justice: Attorney General Kamala D. Harris secures global agreement to strengthen privacy protections for users of mobile applications, February 2012. http://www.oag.ca.gov/news/press-releases/attorney-general-kamala-d-harris-secures-global-agreement-strengthen-privacy. Accessed 20 May 2018
  22. 22.
    California Department of Justice: Making your privacy practices public, May 2014. https://oag.ca.gov/sites/all/files/agweb/pdfs/cybersecurity/making_your_privacy_practices_public.pdf. Accessed 20 May 2018
  23. 23.
    Kelley, P.G., Cranor, L.F., Sadeh, N.: Privacy as part of the app decision-making process. In: CHI, p. 3393 (2013).  https://doi.org/10.1145/2470654.2466466, http://dl.acm.org/citation.cfm?doid=2470654.2466466
  24. 24.
    Lin, J., Liu, B., Sadeh, N., Hong, J.I.: Modeling users’ mobile app privacy preferences - restoring usability in a sea of permission settings. In: Proceedings of the Twelfth Symposium on Usable Privacy and Security (2014). http://dblp.org/rec/conf/soups/LinLSH14
  25. 25.
    Lin, J., Sadeh, N., Amini, S., Lindqvist, J., Hong, J.I., Zhang, J.: Expectation and purpose - understanding users’ mental models of mobile app privacy through crowdsourcing. In: UbiComp, p. 501 (2012).  https://doi.org/10.1145/2370216.2370290, http://dl.acm.org/citation.cfm?doid=2370216.2370290
  26. 26.
    Palmer, J.: After several years of service, the Google Play Top Developer Program is being put to rest, May 2017. http://www.androidpolice.com/2017/05/05/several-years-service-google-play-top-developer-program-put-rest/. Accessed 20 May 2018
  27. 27.
    Pedregosa, F., et al.: scikit-learn: machine learning in Python. J. Mach. Learn. Res. 12, 2825–2830 (2011)MathSciNetzbMATHGoogle Scholar
  28. 28.
    Sadeh, N., et al.: The usable privacy policy project: combining crowdsourcing, machine learning and natural language processing to semi-automatically answer those privacy questions users care about. Carnegie Mellon University Technical Report CMU-ISR-13-119, pp. 1–24, December 2013. http://reports-archive.adm.cs.cmu.edu/anon/isr2013/CMU-ISR-13-119.pdf
  29. 29.
    Statista: Number of apps available in leading app stores as of March 2017 (2017). https://www.statista.com/statistics/276623/number-of-apps-available-in-leading-app-stores/. Accessed 20 May 2018
  30. 30.
    Sunyaev, A., Dehling, T., Taylor, P.L., Mandl, K.D.: Availability and quality of mobile health app privacy policies. J. Am. Med. Inform. Assoc. 22, e28–e33 (2014).  https://doi.org/10.1136/amiajnl-2013-002605. https://academic.oup.com/jamia/article-lookup/doi/10.1136/amiajnl-2013-002605CrossRefGoogle Scholar
  31. 31.
    Viennot, N., Garcia, E., Nieh, J.: A measurement study of Google Play. In: The 2014 ACM International Conference, pp. 221–233. ACM Press, New York City (2014).  https://doi.org/10.1145/2591971.2592003, http://dl.acm.org/citation.cfm?doid=2591971.2592003
  32. 32.
    Wang, H., et al.: An explorative study of the mobile app ecosystem from app developers’ perspective. In: The 26th International Conference, pp. 163–172. ACM Press, New York City (2017).  https://doi.org/10.1145/3038912.3052712, http://dl.acm.org/citation.cfm?doid=3038912.3052712
  33. 33.
    Zimmeck, S., et al.: Automated analysis of privacy requirements for mobile apps. In: 24th Network & Distributed System Security Symposium (NDSS 2017). NDSS 2017, San Diego, CA. Internet Society, February 2017Google Scholar

Copyright information

© Springer Nature Switzerland AG 2018

Authors and Affiliations

  1. 1.Carnegie Mellon UniversityPittsburghUSA

Personalised recommendations