Free Apps Frequently Have Access to Sensitive Data

Research

On average, free apps request more rights which are considered to be problematic than priced apps.

Downloading free apps goes hand in hand with the risk of granting unrestricted access to one’s personal data to third parties. A current study carried out by the Mannheim Centre for European Economic Research (ZEW) has shown the degree to which mobile applications are able to infringe on users' privacy rights in order to collect information about their behaviours, and the effect this has. The study has analysed the free apps that were available in the Google Play Store in 2012. The study has found that every second free app has access to sensitive information.

As part of the analysis of apps from the Google Play Store, ZEW researchers collected information regarding the number of installations and prices, as well as the access rights of apps requested for installation. Overall, 136 different rights could be identified. 14 of these rights can be said to be detrimental to privacy protection. These rights include permission to "send data over the internet", to "identify the smartphone via a unique ID" and to "locate the user".

The study shows that around 40 per cent of all apps require that users grant app providers with at least one of these problematic rights. In fact, 28 per cent of apps are able to unambiguously identify the user via a unique ID. Furthermore, 24 per cent of all apps enable providers to locate the user, and an additional eight per cent provide access to the users' personal address book.

Apps for a lower price or for free in exchange for personal data

There is a trade-off between app prices and access rights to users' personal information. Less expensive apps tend to demand access rights to personal information more frequently and to a greater extent. While just above 50 per cent of free apps request such rights, only 20 percent of non-free apps do so. "This shows that free apps make greater use of rights which are considered to be problematic. On average, free apps request 2.3 such rights, while priced apps request only 1.7," says Patrick Schulte, one of the study's authors. The study therefore suggests that access to users' personal data has a value for providers such that it enables them to offer apps for a lower price, or even for free. The app providers' revenue is ultimately generated by selling products and services via that app. Alternatively, they may use personalised ads or trade using collected data.

In addition, the study analyses the degree to which users consider the issue of problematic access rights when deciding to buy or install an app. "Apps which demand critical rights are less frequently installed. Nevertheless, this effect is rather small and almost non-existent if app providers are already well-known. This indicates a reputation effect which makes users more ready to share sensitive information. On the other hand, a greater effect can be seen if users receive an explicit warning about the possible dangers of granting certain access rights," explains Schulte.

For further information please contact                                                                                                                    

Patrick Schulte, Phone +49 (0)621/1235-353, E-Mail schulte@zew.de