The Impact of Default Mobile SDK Usage on Privacy and Data Protection

The Impact of Default Mobile SDK Usage on Privacy and Data Protection

Are mobile app developers actively enabling data collection by advertisement and analytics companies, or are they unaware of the implications of using the provided software development kits (SDKs)? Given that the current mobile app ecosystem inadvertently involves collecting user data, which often i...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:Proceedings on Privacy Enhancing Technologies 2025-01, Vol.2025 (1), p.808-823
Hauptverfasser: Koch, Simon, Karl, Manuel, Kirchner, Robin, Wessels, Malte, Paschke, Anne, Johns, Martin
Format: Artikel
Sprache:eng
Online-Zugang:Volltext
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
container_end_page 823
container_issue 1
container_start_page 808
container_title Proceedings on Privacy Enhancing Technologies
container_volume 2025
creator Koch, Simon
Karl, Manuel
Kirchner, Robin
Wessels, Malte
Paschke, Anne
Johns, Martin
description Are mobile app developers actively enabling data collection by advertisement and analytics companies, or are they unaware of the implications of using the provided software development kits (SDKs)? Given that the current mobile app ecosystem inadvertently involves collecting user data, which often infringes upon data protection and privacy standards, the question of the underlying reason for the permissibility of data processing arises. We contribute to this research for both Android and iOS by performing a two-step qualitative analysis. First, we conduct a structured documentation review of five advertisement and five analytics SDKs, focusing on privacy-related information. Subsequently, we implement a set of example apps utilizing the basic functionality of each SDK. This custom utilization of the SDK allows us to perform a fine-grained traffic analysis of each required step from initialization until utilization. Our results show that only little guidance on data protection compliance is provided. The observed network traffic shows that overall data collection by SDKs is similar between operating systems and only requires basic usage by the developer to trigger. We discover that with current SDKs, developers have minimal influence over the collected data, as merely using the basic functionality already results in data collection, with advertisement SDKs collecting more data than analytics SDKs. Overall, we explain the observed data protection infringement in ongoing mobile privacy research by documenting how developers must bear with opaque SDKs that lead to data collection simply due to usage.
doi_str_mv 10.56553/popets-2025-0042
format Article
fullrecord <record><control><sourceid>crossref</sourceid><recordid>TN_cdi_crossref_primary_10_56553_popets_2025_0042</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><sourcerecordid>10_56553_popets_2025_0042</sourcerecordid><originalsourceid>FETCH-crossref_primary_10_56553_popets_2025_00423</originalsourceid><addsrcrecordid>eNqdzs0KwjAQBOAgCor2AbztC1Q30RR7tooigmA9h7WmWqlNSaLg2_t78OxphoGBj7E-x4GMpBwNa1Nr70KBQoaIY9FgHSHiOMR4Mm7-9DYLnDsjIo8k53LSYbP0pGF5qSnzYHJIdE7X0sPa7ItSwzZZwc7RUYOpYGOLG2V3oOoACXl6DsbrzBem6rFWTqXTwTe7jM9n6XQRZtY4Z3WualtcyN4VR_Umqw9ZvcjqRR7983kAYD9Kxg</addsrcrecordid><sourcetype>Aggregation Database</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype></control><display><type>article</type><title>The Impact of Default Mobile SDK Usage on Privacy and Data Protection</title><source>EZB-FREE-00999 freely available EZB journals</source><creator>Koch, Simon ; Karl, Manuel ; Kirchner, Robin ; Wessels, Malte ; Paschke, Anne ; Johns, Martin</creator><creatorcontrib>Koch, Simon ; Karl, Manuel ; Kirchner, Robin ; Wessels, Malte ; Paschke, Anne ; Johns, Martin</creatorcontrib><description>Are mobile app developers actively enabling data collection by advertisement and analytics companies, or are they unaware of the implications of using the provided software development kits (SDKs)? Given that the current mobile app ecosystem inadvertently involves collecting user data, which often infringes upon data protection and privacy standards, the question of the underlying reason for the permissibility of data processing arises. We contribute to this research for both Android and iOS by performing a two-step qualitative analysis. First, we conduct a structured documentation review of five advertisement and five analytics SDKs, focusing on privacy-related information. Subsequently, we implement a set of example apps utilizing the basic functionality of each SDK. This custom utilization of the SDK allows us to perform a fine-grained traffic analysis of each required step from initialization until utilization. Our results show that only little guidance on data protection compliance is provided. The observed network traffic shows that overall data collection by SDKs is similar between operating systems and only requires basic usage by the developer to trigger. We discover that with current SDKs, developers have minimal influence over the collected data, as merely using the basic functionality already results in data collection, with advertisement SDKs collecting more data than analytics SDKs. Overall, we explain the observed data protection infringement in ongoing mobile privacy research by documenting how developers must bear with opaque SDKs that lead to data collection simply due to usage.</description><identifier>ISSN: 2299-0984</identifier><identifier>EISSN: 2299-0984</identifier><identifier>DOI: 10.56553/popets-2025-0042</identifier><language>eng</language><ispartof>Proceedings on Privacy Enhancing Technologies, 2025-01, Vol.2025 (1), p.808-823</ispartof><lds50>peer_reviewed</lds50><woscitedreferencessubscribed>false</woscitedreferencessubscribed></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><link.rule.ids>314,776,780,27901,27902</link.rule.ids></links><search><creatorcontrib>Koch, Simon</creatorcontrib><creatorcontrib>Karl, Manuel</creatorcontrib><creatorcontrib>Kirchner, Robin</creatorcontrib><creatorcontrib>Wessels, Malte</creatorcontrib><creatorcontrib>Paschke, Anne</creatorcontrib><creatorcontrib>Johns, Martin</creatorcontrib><title>The Impact of Default Mobile SDK Usage on Privacy and Data Protection</title><title>Proceedings on Privacy Enhancing Technologies</title><description>Are mobile app developers actively enabling data collection by advertisement and analytics companies, or are they unaware of the implications of using the provided software development kits (SDKs)? Given that the current mobile app ecosystem inadvertently involves collecting user data, which often infringes upon data protection and privacy standards, the question of the underlying reason for the permissibility of data processing arises. We contribute to this research for both Android and iOS by performing a two-step qualitative analysis. First, we conduct a structured documentation review of five advertisement and five analytics SDKs, focusing on privacy-related information. Subsequently, we implement a set of example apps utilizing the basic functionality of each SDK. This custom utilization of the SDK allows us to perform a fine-grained traffic analysis of each required step from initialization until utilization. Our results show that only little guidance on data protection compliance is provided. The observed network traffic shows that overall data collection by SDKs is similar between operating systems and only requires basic usage by the developer to trigger. We discover that with current SDKs, developers have minimal influence over the collected data, as merely using the basic functionality already results in data collection, with advertisement SDKs collecting more data than analytics SDKs. Overall, we explain the observed data protection infringement in ongoing mobile privacy research by documenting how developers must bear with opaque SDKs that lead to data collection simply due to usage.</description><issn>2299-0984</issn><issn>2299-0984</issn><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2025</creationdate><recordtype>article</recordtype><recordid>eNqdzs0KwjAQBOAgCor2AbztC1Q30RR7tooigmA9h7WmWqlNSaLg2_t78OxphoGBj7E-x4GMpBwNa1Nr70KBQoaIY9FgHSHiOMR4Mm7-9DYLnDsjIo8k53LSYbP0pGF5qSnzYHJIdE7X0sPa7ItSwzZZwc7RUYOpYGOLG2V3oOoACXl6DsbrzBem6rFWTqXTwTe7jM9n6XQRZtY4Z3WualtcyN4VR_Umqw9ZvcjqRR7983kAYD9Kxg</recordid><startdate>202501</startdate><enddate>202501</enddate><creator>Koch, Simon</creator><creator>Karl, Manuel</creator><creator>Kirchner, Robin</creator><creator>Wessels, Malte</creator><creator>Paschke, Anne</creator><creator>Johns, Martin</creator><scope>AAYXX</scope><scope>CITATION</scope></search><sort><creationdate>202501</creationdate><title>The Impact of Default Mobile SDK Usage on Privacy and Data Protection</title><author>Koch, Simon ; Karl, Manuel ; Kirchner, Robin ; Wessels, Malte ; Paschke, Anne ; Johns, Martin</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-crossref_primary_10_56553_popets_2025_00423</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2025</creationdate><toplevel>peer_reviewed</toplevel><toplevel>online_resources</toplevel><creatorcontrib>Koch, Simon</creatorcontrib><creatorcontrib>Karl, Manuel</creatorcontrib><creatorcontrib>Kirchner, Robin</creatorcontrib><creatorcontrib>Wessels, Malte</creatorcontrib><creatorcontrib>Paschke, Anne</creatorcontrib><creatorcontrib>Johns, Martin</creatorcontrib><collection>CrossRef</collection><jtitle>Proceedings on Privacy Enhancing Technologies</jtitle></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext</fulltext></delivery><addata><au>Koch, Simon</au><au>Karl, Manuel</au><au>Kirchner, Robin</au><au>Wessels, Malte</au><au>Paschke, Anne</au><au>Johns, Martin</au><format>journal</format><genre>article</genre><ristype>JOUR</ristype><atitle>The Impact of Default Mobile SDK Usage on Privacy and Data Protection</atitle><jtitle>Proceedings on Privacy Enhancing Technologies</jtitle><date>2025-01</date><risdate>2025</risdate><volume>2025</volume><issue>1</issue><spage>808</spage><epage>823</epage><pages>808-823</pages><issn>2299-0984</issn><eissn>2299-0984</eissn><abstract>Are mobile app developers actively enabling data collection by advertisement and analytics companies, or are they unaware of the implications of using the provided software development kits (SDKs)? Given that the current mobile app ecosystem inadvertently involves collecting user data, which often infringes upon data protection and privacy standards, the question of the underlying reason for the permissibility of data processing arises. We contribute to this research for both Android and iOS by performing a two-step qualitative analysis. First, we conduct a structured documentation review of five advertisement and five analytics SDKs, focusing on privacy-related information. Subsequently, we implement a set of example apps utilizing the basic functionality of each SDK. This custom utilization of the SDK allows us to perform a fine-grained traffic analysis of each required step from initialization until utilization. Our results show that only little guidance on data protection compliance is provided. The observed network traffic shows that overall data collection by SDKs is similar between operating systems and only requires basic usage by the developer to trigger. We discover that with current SDKs, developers have minimal influence over the collected data, as merely using the basic functionality already results in data collection, with advertisement SDKs collecting more data than analytics SDKs. Overall, we explain the observed data protection infringement in ongoing mobile privacy research by documenting how developers must bear with opaque SDKs that lead to data collection simply due to usage.</abstract><doi>10.56553/popets-2025-0042</doi></addata></record>
fulltext fulltext
identifier ISSN: 2299-0984
ispartof Proceedings on Privacy Enhancing Technologies, 2025-01, Vol.2025 (1), p.808-823
issn 2299-0984
2299-0984
language eng
recordid cdi_crossref_primary_10_56553_popets_2025_0042
source EZB-FREE-00999 freely available EZB journals
title The Impact of Default Mobile SDK Usage on Privacy and Data Protection
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-02-01T07%3A57%3A12IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-crossref&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=The%20Impact%20of%20Default%20Mobile%20SDK%20Usage%20on%20Privacy%20and%20Data%20Protection&rft.jtitle=Proceedings%20on%20Privacy%20Enhancing%20Technologies&rft.au=Koch,%20Simon&rft.date=2025-01&rft.volume=2025&rft.issue=1&rft.spage=808&rft.epage=823&rft.pages=808-823&rft.issn=2299-0984&rft.eissn=2299-0984&rft_id=info:doi/10.56553/popets-2025-0042&rft_dat=%3Ccrossref%3E10_56553_popets_2025_0042%3C/crossref%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_id=info:pmid/&rfr_iscdi=true