Super SDKs: Tracking personal data and platform monopolies in the mobile
Jennifer Pybus1, Mark Cote2
1York University, Canada; 2King's College London
In this article we address the question ‘what is tracking in the mobile ecosystem’ through a comprehensive overview of the Software Development Kit (SDK). Our research reveals a complex infrastructural role for these technical objects connecting end-user data with app developers, third parties and dominant advertising platforms like Google and Facebook. We present an innovative theoretical framework which we call a data monadology to foreground this interrelationship, predicated on an economic model that exchanges personal data for the infrastructural services used to build applications. Our main contribution is an SDK taxonomy, which renders them more transparent and observable. We categorise SDK services into three main categories: (i) Programmatic AdTech for monetisation; (ii) App Development, for building, maintaining and offering additional artificial intelligence features and (iii) App Extensions which more visibly embed third parties into apps like maps, wallets or other payment services. A major finding of our analysis is the special category of the Super SDK, reserved for platforms like Google and Facebook. Not only do they offer a vast array of services across all three categories, making them indispensable to developers, they are super conduits for personal data and the primary technical means for the expansion of platform monopolisation across the mobile ecosystem.
TRACKING WOMEN’S HEALTH: A METHOD FOR AUDITING MENOPAUSE APP INFRASTRUCTURES
Jennifer Pybus, Mina Mir
York University, Canada
Since the pandemic, FemTech, a wide umbrella of women’s health apps, devices, and sensors, has undergone rapid expansion. As use of these technologies increases, so does the datafication of women’s bodies, exacerbating by already-entrenched gendered health discrimination. Our paper presents a novel methodology to audit the backend infrastructures of menopause ‘FemTech’ mobile applications, calling attention to the ways in which exceptionally intimate and sensitive health data are being monetised for profit. While apps are supposed to adhere to data protection regulations, their embedded infrastructure is complex, constituted by platforms and third parties who provide proprietary software in a data-for-service economic model. Consequently, this creates blindspots for regulators and policymakers. The mixed methodology we have developed is aimed at addressing this opacity challenge, stemming from the question: how can we effectively audit mobile applications? This involves: i) assessing manifest files; ii) examining software development kits (SDKs); and iii) a qualitative assessment of the apps’ Google Data Safety agreements and privacy policies. Our findings demonstrate the ease with which this data can be accessed from these applications is alarming, especially given that almost every app in our study was sharing email addresses, often alongside user IDs, device identifiers and IP addresses. The analysis is revealing of a troubling lack of clarity for women and folks who identify as women in making informed decisions about how their health data is being shared, signalling a clear need for better regulation and tools to help people make informed decisions about which menopause app to use.
Mobile Data Donation: Tools for Understanding Ephemeral and Sequenced Social Media Experiences
Daniel Angus1, Abdul Obeid1, Lauren Hayden2, Nicholas Carah2, Christine Parker3, Mark Andrejevic4
1Queensland University of Technology, Australia; 2The University of Queensland, Australia; 3The University of Melbourne, Australia; 4Monash University, Australia
Access challenges aside, largely dominant API-driven methods of social media data collection have less utility in providing insight into the increasingly ephemeral, cross-platform, algorithmically curated, and highly sequenced social media user experience. As part of a growing move towards platform observability (Rieder & Hofmann, 2020), data donation tools have emerged as an increasingly popular methodological innovation, with many able to capture richer detail about these everyday experiences. There are various flavours of data donation, from GDPR data exports, audit methods, and browser plug-ins that can capture specific user-platform interaction data and media (Ohme et al., 2023). These new tools and techniques have opened many promising lines of inquiry; however, many are still limited to capturing browser-based platform interactions. Given that much of the activity on social platforms is facilitated through mobile apps, we are also in need of general-purpose data donation tools and approaches that can be used in mobile environments. In this paper we discuss an extension of a mobile data donation toolkit first introduced by Krieter (2019), that we have extended and used to study mobile digital advertising. The toolkit is a privacy-aware screen scraping tool that, unlike many alternative approaches, only sends data from a users’ mobile device if it matches a preset selection criterion, in our case if the user encounters a digital advertisement while using a specific app on their device. While the case here is oriented towards mobile advertising, the tool and computational analysis pipeline are highly adaptable for many different contexts.
DATAFYING CITIZENS: THE USE OF THIRD-PARTY TRACKERS ON SCANDINAVIAN MUNICIPAL SITES
Helle Sjøvaag1, Cornelia Brantner2, Raul Ferrer-Conill1, Michael Karlsson2, Elizabeth Van Couvering2, Rasmus Helles3
1University of Stavanger, Norway; 2Karlstad University, Sweden; 3Copenhagen University, Denmark
The paper analyses the use of third-party trackers (n=4320) on the municipal websites (n=745) of the Scandinavian welfare states of Denmark, Norway and Sweden, between 2016-2023. We ask how the municipal tracking of online visitors impact on the universalist principles of welfare states, defined as universally available services that aim to emancipate individuals from the negative consequences of market and class mechanisms. Results show a skewed distribution of trackers, with major tech platforms like Google, Facebook, or Twitter dominating. Results also display a dip in tracker use after 2020-2021, suggesting that the Schrems II decision led municipalities to clean up their cookie use to comply with user privacy laws. We argue that this demonstrates the effectiveness in regulation of online public spaces and discuss this in light of universalist principles to ensure equal access to information at a fair price, where cookie consent effectively amounts to a cost of using government services. We end with a recommendation for states to impose clear national policy on citizen data surveillance to safeguard citizens’ data.
|