The Organisation for Economic Co-operation and Development (OECD) has a hefty new report out this week looking at the app economy. The report’s authors studied what privacy permissions are requested by the most popular Android apps in the Google Play store.
Of the 134 permissions that any app can ask for, each app on average asked for just 12. But strip away the apps that cost money, and suddenly the picture looks very different. Free apps required far more permissions than paid apps in every category except one.
Half of free apps sought access to personal information, which includes things like your browser history, contact data, and the ability to set an alarm. Yet not one of the paid apps did, likely “because the revenue models of these apps rely, at least partially, on payments for the app itself and not on targeted advertising or in-app purchases,” according to the report. A quarter of the free apps wanted permission to services that cost money, such as making phone calls and sending messages. (For a full explanation of the categories, see page 51 of the report.)
The report also found some strange discrepancies when comparing similar apps. The Facebook app on Android makes 19 permission requests, while the Google+ app requires 44 permissions. The Rage of Bahamut, a popular game in the “arcade and action” category, makes 17 requests, while Minecraft—Pocket Edition gets by with just three.
This isn’t just a matter of concern for individuals. The OECD fears that it may adversely affect the app economy itself, citing a Pew report that found that more than half of American app users have at some point decided not to install an app when they discovered the extent of permissions required. The authors end with a warning:
If platform providers, developers and other stakeholders fail to take action in the issues highlighted above, governments have to step in and regulate, limiting the innovation potential the app market has in delivering products and services everywhere and in any device.