Pixalate, the global market-leading ad fraud protection, privacy, and compliance analytics platform, released the Q4 2024 GDPR Evasion in the Mobile App Ecosystem: Privacy Policy Omissions & Legal Implications for SSPs and App Stores Report. The report examines apps across the Apple App Store and Google Play Store and is part of Pixalate’s series on European Users’ Privacy Rights Under the General Data Protection Regulation (“GDPR”).

The report offers a detailed legal analysis of data privacy violations likely occurring under GDPR Articles 5, 12, 13, 24 and Rec. 75. Pixalate has released a complete list of the 14,906 likely non-compliant apps.

The investigative report also uncovers privacy non-compliance gaps across these 14,906 ad-enabled* mobile apps with no privacy policies.** Google’s digital ad business (Google AdExchange) is listed as an ad partner (on app-ads.txt files) on 92% (13.7k) of mobile apps with no privacy policies. 

“Our research findings underscore the need for app developers to prioritise users’ data privacy and compliance with data protection laws,” said Yusra Kayani, Director & Privacy Legal Counsel at Pixalate. “This failure to disclose privacy policies not only puts users at risk, but also exposes app developers, hosting platforms, and associated third parties - including advertising partners - to legal risks and financial penalties.”

Key Findings - Q4 2024

• Ad-enabled apps with no privacy policy: 14,906 across the Apple App Store (11,313) and Google Play Store (3,525) during Q4 2024
  • These apps have 32.3 million estimated Lifetime App Users (based on estimated downloads) across the EU (27.5M) and UK (4.8M)
• ‘Big Tech’ monetising GDPR non-compliant apps: Of ad-enabled apps with no privacy policies, Google AdExchange is listed as an ad partner (on app-ads.txt files) on 92% (13.7k); Meta (Facebook) on 32% (4.7k)
• Transmission of unlawfully obtained personal data: Of the Top 100 mobile apps (based on estimated Lifetime App Users) offering programmatic advertising and with no privacy policies, 97% share users’ personal data in the programmatic ad bid stream.

Top 10 ad-enabled apps with no privacy policies (Q4 2024)

Apple

Google

A privacy policy, also known as a ‘privacy statement’ or ‘notice,’ is an essential document that explains how an app collects, uses, and shares users’ personal data. It additionally outlines individuals’ data privacy rights. Multiple global privacy laws and regulations, including the GDPR and CCPA, mandate a privacy policy or notice.

To compile this report, Pixalate’s legal and data science teams analysed the privacy policies of 826K mobile apps that were: i) downloadable from the Apple App Store (242K) or Google Play Store (584K) as of the beginning of November 2024, and ii) had an app-ads.txt file. Pixalate analysed over 99% of the policies in November 2024. Using its machine learning technologies, Pixalate conducts systematic browsing (or ‘crawling’) of the Apple App Store to derive data outputs presented in the report’s research findings.

Download the Complete Report

Pixalate

Pixalate is the market-leading fraud protection, privacy, and compliance analytics platform for Connected TV (CTV), Mobile Apps, and Websites. ...

More about Pixalate »

Powered by PressBox