App tracking and mobile privacy - statistics & facts
With the high usage of mobile devices and the considerable role apps have been taking as part of users’ experiences, recent years have seen the appearance of specific mobile-first security threats. In 2022, there were over five billion smartphone users worldwide, and mobile internet traffic accounted for approximately 60 percent of all web traffic worldwide as of the end of 2022.
According to a global survey of mobile internet users conducted in 2022, the most common concerns among respondents were being defrauded on mobile apps, as well as having their apps hacked. Mobile security concerns might also vary greatly depending on the type of mobile apps users interact with: in 2022, mobile bank apps, as well as apps for trading and investment apps were the category global users expected to have the highest level of cyber security. However, over 24 percent of respondents reported thinking that all apps should display the same level of cyber security.
As smartphones make their way into the professional world and onto organizations’ desks, mobile security threats have also become a matter of concern for companies’ cyber security. According to a survey of IT professionals conducted in 2022, the volume of smishing attacks targeting organizations has increased compared to the previous year. Similarly, IT professionals have reported more frequent encounters with vishing attacks since 2020: in 2022, over seven in 10 of the surveyed IT professionals reported having encountered forms of phishing that used phone calls or mobile voice messages.
Commercial health-related apps are often regarded as potentially invasive apps, with period trackers being a currently widely discussed example. As of June 2022, mobile female health app Flo was found to have the lowest amount of data trackers, with five trackers active on its iOS version, and only two trackers for Android users. By comparison, Pregnancy App & Baby Tracker reported having 35 mobile trackers across iOS and Android. In the second half of 2022, public fears focused on the possibility for commercial female health apps and menstrual cycle self-tracking apps to be used for monitoring women’s reproductive cycles and enforcing a potential abortion ban in the United States.
Apple’s privacy upgrades are being echoed by Google, which in February 2022 announced it would extend its Privacy Sandbox initiative to Android devices. The Privacy Sandbox aims at restructuring ads tracking and data collection on Google Chrome and Android. In February 2023, Google started rolling out a beta version of the Sandbox for a few eligible Android 13 devices. Among the initiative’s purposes is also to replace the Android advertising ID with an identifier that can be deleted or reset by users to stop or divert tracking, as well as to implement a new permission system via the Privacy Sandbox.
According to a global survey of mobile internet users conducted in 2022, the most common concerns among respondents were being defrauded on mobile apps, as well as having their apps hacked. Mobile security concerns might also vary greatly depending on the type of mobile apps users interact with: in 2022, mobile bank apps, as well as apps for trading and investment apps were the category global users expected to have the highest level of cyber security. However, over 24 percent of respondents reported thinking that all apps should display the same level of cyber security.
Mobile security threats
Mobile devices, like their desktop counterparts, are not immune to cyber threats, data breach attempts, and privacy woes. While the number of mobile global cyberattacks had been diminishing in 2021 compared to previous years, the months between August and December 2022 registered an upward trend in the number of attacks carried out on mobile users. Additionally, the type of fraud and malicious software built to scam users out of their money and data are in constant evolution. In 2021, RiskTool and AdWare were the most common variants of mobile malware detected worldwide. RiskTool class of malware are potentially unwanted applications that access users’ information and can be used to perform several tasks in stealth mode, such as crypto mining. In comparison, AdWare can present itself in the form of pop-up windows containing aggressive advertising and are difficult to close, and can be connected to different degrees of nuisance or danger.As smartphones make their way into the professional world and onto organizations’ desks, mobile security threats have also become a matter of concern for companies’ cyber security. According to a survey of IT professionals conducted in 2022, the volume of smishing attacks targeting organizations has increased compared to the previous year. Similarly, IT professionals have reported more frequent encounters with vishing attacks since 2020: in 2022, over seven in 10 of the surveyed IT professionals reported having encountered forms of phishing that used phone calls or mobile voice messages.
Mobile data collection: the case of commercial period tracking apps
As of the beginning of 2022, global users had access to almost six million mobile apps available on the market across the leading app stores, the majority of which not only require additional permissions to function, but also might track and collect various types of data for third-party advertisers across multiple websites and other apps. Whilst one of tracking’s main objectives is to propose relevant advertising, the possibility for external actors to access sensitive information and distort the purpose of data collection is not to be overruled.Commercial health-related apps are often regarded as potentially invasive apps, with period trackers being a currently widely discussed example. As of June 2022, mobile female health app Flo was found to have the lowest amount of data trackers, with five trackers active on its iOS version, and only two trackers for Android users. By comparison, Pregnancy App & Baby Tracker reported having 35 mobile trackers across iOS and Android. In the second half of 2022, public fears focused on the possibility for commercial female health apps and menstrual cycle self-tracking apps to be used for monitoring women’s reproductive cycles and enforcing a potential abortion ban in the United States.
Apple’s iOS and the ATT framework: a future model for transparent app tracking?
In April 2021, Apple released its iOS 14.5 version, introducing the App Tracking Transparency (ATT) framework for developers. Under the ATT, iOS users have the freedom to enable or disable tracking by deciding if they want advertisers to identify them and collect information on their presence and activities in the app. Before the ATT, app marketers were able to access users’ Identifier For Advertisers (IDFA), a serial number that provides depersonalized users’ identification for tracking purposes. As of March 2022, 80 percent of all app publishers implemented the ATT on their products, with adoption rates reaching 91 percent among gaming companies. The policy appeared to be well-received among iOS users, with approximately half of the mobile iOS deciding to opt-in via the ATT as of March 2022.Apple’s privacy upgrades are being echoed by Google, which in February 2022 announced it would extend its Privacy Sandbox initiative to Android devices. The Privacy Sandbox aims at restructuring ads tracking and data collection on Google Chrome and Android. In February 2023, Google started rolling out a beta version of the Sandbox for a few eligible Android 13 devices. Among the initiative’s purposes is also to replace the Android advertising ID with an identifier that can be deleted or reset by users to stop or divert tracking, as well as to implement a new permission system via the Privacy Sandbox.
