Lessons in VCR Repair: Compliance of Android App Developers with the California Consumer Privacy Act (CCPA)
Reviewed by Pithpith:RKNKQW3Zopen to challenge →
read the original abstract
The California Consumer Privacy Act (CCPA) provides California residents with a range of enhanced privacy protections and rights. Our research investigated the extent to which Android app developers comply with the provisions of the CCPA that require them to provide consumers with accurate privacy notices and respond to "verifiable consumer requests" (VCRs) by disclosing personal information that they have collected, used, or shared about consumers for a business or commercial purpose. We compared the actual network traffic of 109 apps that we believe must comply with the CCPA to the data that apps state they collect in their privacy policies and the data contained in responses to "right to know" requests that we submitted to the app's developers. Of the 69 app developers who substantively replied to our requests, all but one provided specific pieces of personal data (as opposed to only categorical information). However, a significant percentage of apps collected information that was not disclosed, including identifiers (55 apps, 80%), geolocation data (21 apps, 30%), and sensory data (18 apps, 26%) among other categories. We discuss improvements to the CCPA that could help app developers comply with "right to know" requests and other related regulations.
This paper has not been read by Pith yet.
Forward citations
Cited by 3 Pith papers
-
What's on Your Mind? Exploring Privacy of Mental Health Apps
Analysis of 25 mental health apps reveals all embed undisclosed trackers, 16 permission-policy contradictions, and unclear third-party AI processing, showing disclosure practices fall short of informed consent standards.
-
What's on Your Mind? Exploring Privacy of Mental Health Apps
Empirical study of 25 mental health apps reveals undisclosed trackers in every app, permission contradictions in 13 apps, and incomplete AI processing disclosures, showing insufficient transparency for informed consent.
-
What's on Your Mind? Exploring Privacy of Mental Health Apps
Empirical study of 25 mental health apps identifies undisclosed trackers in all apps, permission-policy contradictions in 13 apps, and incomplete third-party AI disclosures in several.
discussion (0)
Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.