Enhancing mobile app privacy: an IPTC-led assessment of Facebook android SDK settings and real-world implications

Data Engineering & Digital Transformation

Technologies for a secure Society and Cybersecurity

16/07/2025

Researchers from the Information Processing and Telecommunications Center (IPTC) have conducted a comprehensive study exploring how privacy-related configuration options in Facebook’s Android SDKs impact the privacy practices of mobile apps. Analysing over 6,000 popular Android applications, the team used both static and dynamic analysis to determine whether app developers modify the default privacy settings provided by the Facebook Android SDK and the Audience Network SDK. Their findings show that the vast majority of apps retain the SDKs’ default settings, which generally favour data collection over user privacy—even when alternatives offering greater privacy are available.

The research highlights widespread inconsistencies between what developers disclose in their privacy policies and what actually occurs in practice. Many developers either overlook or misunderstand the available privacy settings, leading to potential non-compliance with regulations such as the GDPR and CCPA. Notably, issues persist even in some apps aimed at children, where stricter privacy considerations should prevail.

Potential applications of this research include:

Informing policy-makers and regulators about typical gaps between declared and actual data practices in mobile apps.
Guiding SDK providers towards adopting more privacy-protective default settings and clearer documentation.
Equipping app marketplaces and compliance platforms to develop better tools for automated privacy assessment and enforcement.
Supporting app developers in understanding and implementing privacy settings to meet legal and ethical obligations.

Overall, this study provides actionable insights for improving user privacy in the mobile ecosystem, supporting both app developers and technology policy stakeholders as they navigate increasingly complex data protection requirements

Bibliographic Reference: Rodríguez, D., Del-Álamo, J.M. & Calandrino, J.A. Privacy Settings of Third-Party Libraries in Android Apps:A Study of Facebook SDKs. In Proceedings on Privacy Enhancing Technologies Symposium (PoPETs 2025), 2025 (2), pp. 173 – 187, https://doi.org/10.56553/popets-2025-0056

Authors references:

José María del Álamo, ORCID / Google Scholar

David Rodríguez Torrado , ORCID / Google Scholar

Forwed information: www.iptc.upm.es

LinkedIn: https://www.linkedin.com/company/iptc-upm/