From the abstract:
We find that third-
party tracking and the sharing of unique user identifiers
was widespread in apps from both ecosystems, even in
apps aimed at children. In the children’s category, iOS
apps used much fewer advertising-related tracking than
their Android counterparts, but could more often access
children’s location (by a factor of 7). Across all studied
apps, our study highlights widespread potential viola-
tions of US, EU and UK privacy law, including 1) the
use of third-party tracking without user consent, 2) the
lack of parental consent before sharing PII with third-
parties in children’s apps, 3) the non-data-minimising
configuration of tracking libraries, 4) the sending of per-
sonal data to countries without an adequate level of
data protection, and 5) the continued absence of trans-
parency around tracking, partly due to design decisions
by Apple and Google. Overall, we find that neither plat-
form is clearly better than the other for privacy across
the dimensions we studied
Full paper here: https://arxiv.org/pdf/2109.13722v1.pdf
