Are iPhones Really Better for Privacy? A Comparative Study of iOS and Android Apps

Authors: Konrad Kollnig (Department of Computer Science, University of Oxford), Anastasia Shuba (Independent Researcher), Reuben Binns (Department of Computer Science, University of Oxford), Max Van Kleek (Department of Computer Science, University of Oxford), Nigel Shadbolt (Department of Computer Science, University of Oxford)

Volume: 2022
Issue: 2
Pages: 6–24
DOI: https://doi.org/10.2478/popets-2022-0033

artifact

Download PDF

Abstract: While many studies have looked at privacy properties of the Android and Google Play app ecosystem, comparatively much less is known about iOS and the Apple App Store, the most widely used ecosystem in the US. At the same time, there is increasing competition around privacy between these smartphone operating system providers. In this paper, we present a study of 24k Android and iOS apps from 2020 along several dimensions relating to user privacy. We find that thirdparty tracking and the sharing of unique user identifiers was widespread in apps from both ecosystems, even in apps aimed at children. In the children’s category, iOS apps tended to use fewer advertising-related tracking than their Android counterparts, but could more often access children’s location. Across all studied apps, our study highlights widespread potential violations of US, EU and UK privacy law, including 1) the use of third-party tracking without user consent, 2) the lack of parental consent before sharing personally identifiable information (PII) with third-parties in children’s apps, 3) the non-data-minimising configuration of tracking libraries, 4) the sending of personal data to countries without an adequate level of data protection, and 5) the continued absence of transparency around tracking, partly due to design decisions by Apple and Google. Overall, we find that neither platform is clearly better than the other for privacy across the dimensions we studied.

Keywords: privacy, apps, Android, iOS, Apple, Google

Copyright in PoPETs articles are held by their authors. This article is published under a Creative Commons Attribution-NonCommercial-NoDerivs license.