Ready for the EU Digital Services Act? How Decisions by Apple and by Google Impede App Privacy

Kollnig, Konrad; Shadbolt, Nigel

doi:10.2139/ssrn.4343640

Download This Paper

Open PDF in Browser

Add Paper to My Library

Ready for the EU Digital Services Act? How Decisions by Apple and by Google Impede App Privacy

25 Pages Posted: 31 Jan 2023 Last revised: 22 May 2023

See all articles by Konrad Kollnig

Konrad Kollnig

Department of Computer Science, University of Oxford

Nigel Shadbolt

University of Oxford - Computing Laboratory

Date Written: January 31, 2023

Abstract

Ample past research highlighted that privacy problems are widespread in mobile apps and can have disproportionate impacts on individuals. However, doing such research, especially that through automated methods, remains hard and an arms race with those who engage in invasive data practices. This paper analyses how decisions by Apple and Google, the makers of the two primary app ecosystems (iOS and Android), currently hold back (automated) app privacy research and thereby create previously undocumented systemic risks. We base our analysis on a thorough review of the academic literature and on many years of experience in working in the space. Such an analysis is timely and pertinent since the EU Digital Services Act (DSA) obliges Very Large Online Platforms to enable researchers to study systemic risks (Article 40) and to put in place reasonable, proportionate and effective mitigation measures (Article 35).

Keywords: app stores, Digital Services Act, privacy, data protection, online platforms, Apple, Google, iOS, Android, apps

Suggested Citation: Suggested Citation

Kollnig, Konrad and Shadbolt, Nigel, Ready for the EU Digital Services Act? How Decisions by Apple and by Google Impede App Privacy (January 31, 2023). Available at SSRN: https://ssrn.com/abstract=4343640 or http://dx.doi.org/10.2139/ssrn.4343640