Related papers: From Ad Identifiers to Global Privacy Control: The Status Quo and Future of Opting Out of Ad Tracking on Android

From Ad Identifiers to Global Privacy Control: The Status Quo and Future of Opting Out of Ad Tracking on Android

URL: http://arxiv.org/abs/2407.14938v3
Date: Mon, 27 Jan 2025 10:58:00 GMT
Title: From Ad Identifiers to Global Privacy Control: The Status Quo and Future of Opting Out of Ad Tracking on Android
Authors: Sebastian Zimmeck, Nishant Aggarwal, Zachary Liu, Konrad Kollnig,
Abstract summary: Third-party tracking has widely been shown to lack transparency and user choice. Since 2013, Android users can enable AdID setting their devices to opt out of interest-based ads. At least 70% of the apps we examine must respect CCPA opt-out right via GPC. At least 15% of examined apps must grant EU protections to people outside EU.
Score: 2.8436446946726557
License:
Abstract: Many mobile apps derive significant revenue from personalized advertising and share detailed data about their users with ad networks, data brokers, and other companies. This third-party tracking has widely been shown to lack transparency and user choice, even though it has been around for more than two decades. Since 2013, Android users can enable the AdID setting on their devices to opt out of interest-based ads. In addition, if applicable, the California Consumer Privacy Act of 2018 (CCPA) gives users an opt-out right from the selling and sharing of personal information, including ad tracking. Users can exercise this right via Global Privacy Control (GPC). Interestingly, prior literature has not studied whether either of these two privacy choice mechanisms - the Android AdID setting or GPC - actually limit tracking. Analyzing the network traffic of 1,811 top-free apps from the US Google Play Store, we find that neither the Android AdID setting nor GPC has substantial impact on apps' data selling and sharing practices. This is despite the fact that at least 70% of the apps we examine must respect the CCPA opt-out right via GPC. Additionally, the European General Data Protection Regulation (GDPR) has worldwide scope for certain apps. In this regard, we show that at least 15% of the examined apps must grant EU protections to people outside the EU, including the GDPR's consent and opt-out requirements relating to ads. We find a lack thereof and conclude that more action is needed to protect users' legally mandated opt-out rights, in both the EU and US.

Related papers

A Large-Scale Privacy Assessment of Android Third-Party SDKs [17.245330733308375]
Third-party Software Development Kits (SDKs) are widely adopted in Android app development. This convenience raises substantial concerns about unauthorized access to users' privacy-sensitive information. Our study offers a targeted analysis of user privacy protection among Android third-party SDKs.
arXiv Detail & Related papers (2024-09-16T15:44:43Z)
Why am I Still Seeing This: Measuring the Effectiveness Of Ad Controls and Explanations in AI-Mediated Ad Targeting Systems [55.02903075972816]
We evaluate the effectiveness of Meta's "See less" ad control and the actionability of ad targeting explanations following the shift to AI-mediated targeting. We find that utilizing the "See less" ad control for the topics we study does not significantly reduce the number of ads shown by Meta on these topics. We find that the majority of ad targeting explanations for local ads made no reference to location-specific targeting criteria.
arXiv Detail & Related papers (2024-08-21T18:03:11Z)
Privacy Policies and Consent Management Platforms: Growth and Users' Interactions over Time [4.356242302111725]
Consent platforms (CMPs) have emerged as practical solutions to make it easier for website administrators to manage user consent. This paper presents a detailed analysis of the evolution of CMPs spanning nine years. We observe how even small changes in the design of Privacy Banners have a critical impact on the user's giving or denying their consent to data collection.
arXiv Detail & Related papers (2024-02-28T13:36:27Z)
Protecting User Privacy in Online Settings via Supervised Learning [69.38374877559423]
We design an intelligent approach to online privacy protection that leverages supervised learning. By detecting and blocking data collection that might infringe on a user's privacy, we can restore a degree of digital privacy to the user.
arXiv Detail & Related papers (2023-04-06T05:20:16Z)
Privacy Explanations - A Means to End-User Trust [64.7066037969487]
We looked into how explainability might help to tackle this problem. We created privacy explanations that aim to help to clarify to end users why and for what purposes specific data is required. Our findings reveal that privacy explanations can be an important step towards increasing trust in software systems.
arXiv Detail & Related papers (2022-10-18T09:30:37Z)
Goodbye Tracking? Impact of iOS App Tracking Transparency and Privacy Labels [25.30364629335751]
Apple introduced two significant changes with iOS 14: App Tracking Transparency (ATT), a mandatory opt-in system for enabling tracking on iOS, and Privacy Nutrition Labels. This paper addresses the impact of these changes on individual privacy and control by analysing two versions of 1,759 iOS apps from the UK App Store. We find that Apple itself engages in some forms of tracking and exempts invasive data practices like first-party tracking and credit scoring.
arXiv Detail & Related papers (2022-04-07T16:32:58Z)
Analysis of Longitudinal Changes in Privacy Behavior of Android Applications [79.71330613821037]
In this paper, we examine the trends in how Android apps have changed over time with respect to privacy. We examine the adoption of HTTPS, whether apps scan the device for other installed apps, the use of permissions for privacy-sensitive data, and the use of unique identifiers. We find that privacy-related behavior has improved with time as apps continue to receive updates, and that the third-party libraries used by apps are responsible for more issues with privacy.
arXiv Detail & Related papers (2021-12-28T16:21:31Z)
Are iPhones Really Better for Privacy? Comparative Study of iOS and Android Apps [25.30364629335751]
We present a study of 24k Android and iOS apps from 2020 along several dimensions relating to user privacy. Third-party tracking and the sharing of unique user identifiers was widespread in apps from both ecosystems, even in apps aimed at children. Across all studied apps, our study highlights widespread potential violations of US, EU and UK privacy law.
arXiv Detail & Related papers (2021-09-28T13:40:32Z)
A Fait Accompli? An Empirical Study into the Absence of Consent to Third-Party Tracking in Android Apps [27.58278290929534]
Third-party tracking allows companies to collect users' behavioural data and track their activity across digital devices. This can put deep insights into users' private lives into the hands of strangers, and often happens without users' awareness or explicit consent. This paper investigates whether and to what extent consent is implemented in mobile apps.
arXiv Detail & Related papers (2021-06-17T11:44:49Z)
An Empirical Study of In-App Advertising Issues Based on Large Scale App Review Analysis [67.58267006314415]
We present a large-scale analysis on ad-related user feedback from App Store and Google Play. From a statistical analysis of 36,309 ad-related reviews, we find that users care most about the number of unique ads and ad display frequency during usage. Some ad issue types are addressed more quickly by developers than other ad issues.
arXiv Detail & Related papers (2020-08-22T05:38:24Z)
Mind the GAP: Security & Privacy Risks of Contact Tracing Apps [75.7995398006171]
Google and Apple have jointly provided an API for exposure notification in order to implement decentralized contract tracing apps using Bluetooth Low Energy. We demonstrate that in real-world scenarios the GAP design is vulnerable to (i) profiling and possibly de-anonymizing persons, and (ii) relay-based wormhole attacks that basically can generate fake contacts.
arXiv Detail & Related papers (2020-06-10T16:05:05Z)

This list is automatically generated from the titles and abstracts of the papers in this site.