A comparative study of android and iOS mobile applications’ data handling practices versus compliance to privacy policy

Abstract

The prevalent use of mobile applications (apps) involves the dissemination of personally identifiable user data by apps in ways that could have adverse privacy implications for the apps’ users. More so, even when privacy policies are provided as a safeguard to user privacy, apps’ data handling practices may not comply with the apps’ privacy commitments as stated in their privacy policies. We conducted an assessment of the extent to which apps’ data practices matched their privacy policies. This study provides an exploratory comparison of Android and iOS apps’ privacy compliance. Our findings show potential sensitive user data flows from apps in ways that do not match the apps’ privacy policies and further, that neither Android nor iOS app data handling practices fully comply with their privacy policies.