Can You Pay for Privacy? Consumer Expectations and the Behavior of Free and Paid Apps

Bamberger, Kenneth A.; Egelman, Serge; Han, Catherine; Bar On, Amit Elazari; Reyes, Irwin
2020
Paid" digital services have been touted as straightforward alternatives to the ostensibly "free" model, in which users actually face a high price in the form of personal data, with limited awareness of the real cost incurred and little ability to manage their privacy preferences. Yet, the actual privacy behavior of paid services, and consumer expectations about that behavior, remain largely unknown. This Article addresses that gap. It presents empirical data both comparing the true cost of
more » ... " services as compared to their so-called "free" counterparts, and documenting consumer expectations about the relative behaviors of each. We first present an empirical study that documents and compares the privacy behaviors of 5,877 Android apps that are offered both as free and paid versions. The sophisticated analysis tool we employed, AppCensus, allowed us to detect exactly which sensitive user data is accessed by each app and with whom it is shared. Our results show that paid apps often share the same implementation characteristics and resulting behaviors as their free counterparts. Thus, if users opt to pay for apps to avoid privacy costs, in many instances they do not receive the benefit of the bargain. Worse, we find that there are no obvious cues that consumers can use to determine when the paid version of a free app offers better privacy protections than its free counterpart. We complement this data with a second study: we surveyed 1,000 Android mobile app users as to their perceptions of the privacy behaviors of paid and free app versions. Participants indicated that consumers are more likely to expect the paid version to engage in
doi:10.15779/z38xp6v40j fatcat:nwe7ok4qwrd67fgjzgosfb4vdy