In the first half of 2021, 2.34 million apps in Google Play Store requested at least one “dangerous permission.” The total number of apps requesting dangerous permission rose by 3% YoY, but for some permissions with potentially significant privacy implications, the number increased by double-digit percentages.
It is essential to remember that not all apps use potentially dangerous permissions to exploit user’s data. Instead, Pixalate is merely rendering an opinion that these facts may be suggestive of heightened risks to data subjects.
Pixalate’s H1 2021 Mobile App ‘Dangerous Permissions’ Report analyzed nine specific “dangerous permissions” that have potentially significant privacy implications. Eight of them became more ubiquitous compared to H1 2020. Only the Read Phone State permission has become less common among Google Play Store apps.
Of the remaining eight “dangerous permissions” studied that increased YoY, four of them saw jumps of more than 10%. The presence of Record Audio — allowing the app to access the device’s microphone and record audio — increased among Google Play Store apps by 21%.
The permission with the second highest increase YoY is Activity Recognition. It rose by 19% and allows the app to identify and track the user’s physical activity via the device.
Read Calendar is also a “dangerous permission” with a significant rise of 17% over the past year. This allows the app to see all of the events on the calendar of the user’s device.
Access Camera is another “dangerous permission” with a double-digit increase since H1 2020 (+13%). This allows the app to record video and/or take photographs from the device’s built-in camera.
This report and blog is reviewing the percentage change YoY of these “dangerous permissions” — but the absolute values are worth noting as well. Some, like Activity Recognition (63,000) have relatively fewer apps requesting the permissions (even though the number of apps increased YoY). Others, like Access Camera, have significantly more apps requesting the permissions (859,000). Some “dangerous permissions” are found on over 1 million apps — such as Access Fine Location.
Pixalate will continue to monitor “dangerous permissions” among apps in the Google Play Store and report on the latest trends.
You can also watch our webinar on October 7, 2021, we will review this data - and other data about risk factors in the mobile in-app ecosystem — in greater detail.
The content of this blog, and the Publisher Trust Indexes (collectively, the “Indexes”), reflect Pixalate’s opinions with respect to factors that Pixalate believes may be useful to the digital media industry. The Indexes examine programmatic advertising activity on mobile apps and Connected TV (CTV) apps (collectively, the “apps”). As cited in the Indexes and referenced in the Indexes’ key findings reproduced herein, the ratings and rankings in the Indexes are based on a number of metrics (e.g., “Brand Safety”) and Pixalate’s opinions regarding the relative performance of each app publisher with respect to the metrics. The data is derived from buy-side, predominantly open auction, programmatic advertising transactions, as measured by Pixalate. The Indexes examine global advertising activity across North America, EMEA, APAC, and LATAM, respectively, as well as programmatic advertising activity within discrete app categories. Any insights shared are grounded in Pixalate’s proprietary technology and analytics, which Pixalate is continuously evaluating and updating. Any references to outside sources in the Indexes and herein should not be construed as endorsements. Pixalate’s opinions are just that, opinions, which means that they are neither facts nor guarantees; and neither this press release nor the Indexes are intended to impugn the standing or reputation of any person, entity or app.
Disclaimer: The content of this page reflects Pixalate’s opinions with respect to the factors that Pixalate believes can be useful to the digital media industry. Any proprietary data shared is grounded in Pixalate’s proprietary technology and analytics, which Pixalate is continuously evaluating and updating. Any references to outside sources should not be construed as endorsements. Pixalate’s opinions are just that - opinion, not facts or guarantees.
Per the MRC,
“'Fraud' is not intended to represent fraud as defined in various laws, statutes and ordinances or as conventionally used in U.S. Court or other
legal proceedings, but rather a custom definition strictly for advertising measurement purposes. Also per the MRC,
“‘Invalid Traffic’ is defined generally as traffic
that does not meet certain ad serving quality or completeness criteria, or otherwise does not represent legitimate ad traffic that should be included in measurement counts.
Among the reasons why ad traffic may be deemed invalid is it is a result of non-human traffic (spiders, bots, etc.), or activity designed to produce fraudulent traffic.”