The state of GDPR compliance in the mobile app space
A group of academics from three German universities has decided to investigate whether and how mobile app vendors respond to subject access requests, and the results of their four-year undercover field study are dispiriting.
"In three iterations between 2015 and 2019, we sent subject access requests to vendors of 225 mobile apps popular in Germany. Throughout the iterations, 19 to 26 % of the vendors were unreachable or did not reply at all. Our subject access requests were fulfilled in 15 to 53 % of the cases, with an unexpected decline between the GDPR enforcement date and the end of our study," they shared.
The researchers - Jacob Leon Kröger from TU Berlin, Jens Lindemann from the University of Hamburg, and Prof. Dr. Dominik Herrmann from the University of Bamberg - made sure to test a representative sample of iOS and Android apps: popular and less popular, from a variety of app categories, and from vendors based in Germany, the EU, and outside of the EU. They disguised themselves as an ordinary German user, created accounts needed for the apps to work, interacted with each app for about ten minutes, and asked app providers for information about their stored personal data.
In theory, the GDPR should force mobile app vendors to provide users with information about this data and how it's used.
In practice, many app vendors are obviously hoping that users won't care enough about it and won't make a stink when they don't receive a satisfactory reply, and that GDPR regulators won't have the resources to enforce the regulation.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/yjZG21VJtf0/