How mobile app data privacy concerns impact firm performance
The importance of data transparency in the mobile app industry: why users download apps less when data collection practices are clear
This article is republished with permission from Knowledge @ Wharton, the online business journal of the Wharton School at the University of Pennsylvania, which owns the copyright to this content.
Almost everybody wants to keep their personal information private and away from prying eyes, but how much do they value data privacy? The answer to that depends on people’s awareness of how app providers could use their personal data, according to a paper by experts at Wharton and elsewhere, titled The Supply and Demand for Data Privacy: Evidence From Mobile Apps.
The study tracked the impact of Apple’s requirement that app providers on its iOS platform disclose what user data they collect and for what purposes through privacy labels, akin to nutrition labels on food products. The scope of the data collected as disclosed on Apple’s app store (scroll down to “App Privacy” and click “See Details”) varies widely across apps: Facebook, for instance, collects more data than Amazon Prime Video, while recreation maps provider AllTrails seems content with much less data on users.
The study found that after Apple mandated the privacy labels, apps experienced an average 14 per cent drop in weekly downloads, which led to a 15 per cent decrease in revenue from user subscriptions and in-app purchases compared to their counterpart versions available on Google Play. Apple’s privacy label policy shook the global app market which generated more than US$300 billion in 2020, and is expected to reach US$600 billion by 2025.
Transparency to boost data privacy
Since December 2020, Apple has required all app providers using its iOS operating system to disclose their data collection practices by filling out privacy “nutrition” labels that are standardised and easy to read. The study covered the period from when an app updated its privacy label to comply with Apple’s policy until August 2021.
“We find that about 60 per cent of the apps share customer data with third parties. On average, an app collects 16 data types and 24 data items, and most of those are used for non-essential purposes,” said Wharton finance professor Huan Tang, who co-authored the paper. Tang’s co-authors are Bo Bian, a finance professor at the University of British Columbia, and Xinchen Ma, a doctoral student in finance at the London School of Economics. In a related paper, Tang and others studied the impact of Apple’s app tracking policy on reducing financial fraud complaints.
“Apple defines six data uses, of which only one of them is essential, which is called app functionality,” Tang continued. The remaining five data uses include third-party advertising, first-party advertising, and product personalisation, she added. “None of them is essential for the app to function well, but it turns out the majority of data items collected are used for non-essential purposes.
“The effect [of the privacy labels on consumer demand] was stronger for more privacy-invasive and substitutable apps,” the paper stated. It also found that the stock prices of publicly held app providers took a direct hit from the drop in app downloads, especially among firms that harvest more data.
Read more: Are companies illegally collecting third-party data to profile you?
Evidence sharpens data privacy debates
Tang said the paper attempts to establish “some stylised facts” about what data is being collected by firms, and how they use customer data. “Prior to Apple’s policy [on privacy labels], there was nowhere to start even to get around that question. Now, because this disclosure is standardised across apps and across countries, we can do an apples-to-apples comparison.”
As of September 2023, iOS had nearly 30 per cent of the global mobile operating system market, while Android had a 70 per cent share, the study noted. In North America, however, Android had 54 per cent of that market, followed by iOS at 46 per cent; less than 0.5 per cent of users patronised other operating systems.
The paper noted that despite regulatory efforts and public debates on data privacy, there is “limited large-scale evidence” available on that subject. With their study, the authors identified the issues for which they wanted answers: How much privacy do firms supply? Can we consistently measure the scope and the purpose of data collection? How much privacy do consumers demand and does it translate into the valuation of firms that thrive on monetising personal data? They stated that their paper is among the first to investigate “the real and financial implications” of privacy-related practices in the mobile app industry.
The study used a database of firms’ privacy practices by web-scraping the privacy labels of the top 10,000 apps ranked by downloads on Apple’s App Store and Google Play. Those apps accounted for more than 80 per cent of the store-wide downloads and over 90 per cent of the store-wide revenue in 2020. Apple defines 14 data types and 32 specific data items, as well as six data uses. It displays the data types and specific data items in three categories depending on how widely they are shared with other parties: Data Used to Track You, Data Linked to You, and Data Not Linked to You.
Another implication of the paper’s findings is that privacy concerns impact firm performance, which may incentivise firms to strengthen data privacy. “For a long time, data-driven firms have been amassing data without much discipline and it seemed costless to collect,” said Tang. “But increasing privacy awareness and tightening privacy regulation may render the cost of data collection higher. Indeed, our finding on the stock market performance corroborates this conjecture.”
A startling set of findings
The findings of the study are eye-opening. Some 80 per cent of data items collected are used for purposes unrelated to the functionality of an app. Data is most frequently collected for product personalisation and developer’s advertising or marketing, the paper noted. Significantly, 60 per cent of apps collect data to track users or their devices and share user data across different apps, advertising networks, and companies. “Worse still, sensitive information collected within this category could be sold to data brokers,” the authors warned.
Read more: Protecting your privacy: should AI write hospital discharge papers?
The study also revealed some nuanced app characteristics associated with more data collection:
• Apps that collect more data have a larger market share, a younger age, a higher rating, and more in-app purchases. They are also more likely to be developed by publicly listed firms;
• Of the more than 20 app categories in the app store, gaming apps gather the most data for third-party advertising;
• Shopping apps are the top data collectors for multiple data uses including developer’s advertising or marketing, analytics, and product personalisation;
• News, food and drinks, and social networking apps are also heavy data collectors for purposes other than app functionality. “These heterogeneities suggest that data from users of these services are the easiest to monetise,” the paper stated;
• The decline in downloads and revenue is greater when the data collection intensity is higher. For example, the decline for apps that collect data to track consumers is 2.2 times bigger than for apps that do not collect such data.
Interestingly, the impact of privacy labels on app downloads was weaker among popular, mature apps that command a larger market share. The paper explained why that might be the case: “By revealed preference, a new user chooses to forgo an app only if the disutility from allowing access to personal data outweighs the utility gain from the digital services. Presumably, apps that are more successful and mature are less substitutable than other apps.”
The concerns over privacy intrusions also showed up in the stock values of publicly held app providers. The study tracked stock market returns for 485 public firms with active apps after Apple launched its privacy label policy. The six-month stock returns after each firm’s release of its most popular app were between 5.74 per cent and 8.17 per cent lower, it found.
Privacy paradox explained
The study’s findings also offered an explanation to the so-called “privacy paradox,” which is the inconsistency between users’ stated intent and their actions. “Everyone says they’re concerned about data privacy. But if you observe what they do, in reality, everyone just shares their data so carelessly,” said Tang.
“Our paper jumps in by saying: It’s not a paradox at all. It’s just that consumers don’t even know what data is being shared and collected,” Tang continued. “Once you make information about firms’ data collection readily available and easy to digest, consumers do act to protect their own privacy by stopping using the app.”
The upshot of that is a push for transparency. “When transparency improves, consumers and investors can discipline firms in the collection, use, and sharing of digital user data through their consumption and investment decisions,” the paper stated. “Standardising and mandating the reporting of data collection practices potentially fosters sustainable development of the digital economy.”
Subscribe to BusinessThink for the latest research, analysis and insights from UNSW Business School
The study expanded its U.S. sample to 95 countries to gauge user attitudes toward privacy at a global level. It found that app users in countries with stronger legal protection of privacy and better law enforcement were less influenced by Apple’s privacy labels than those in countries with weaker protection. The paper noted that public trust in the media and major companies also played a role in their choices.