Apps, short for “applications,” are a main feature of modern smartphones and tablet computers. They allow users to interact with their devices in new ways. From calendars to music players, apps offer myriad experiences to users, and that universe is expanding every day.

This growth in apps is paralleled by a growth in the amount of data these apps can collect from users. Smartphones can collect all kinds of data about users and their activities once users grant permission to apps to do so. The boundaries of what data is being collected are governed by privacy policies, terms of service and other legal agreements that users agree to when downloading apps to their device.

App Users Often Download Dozens of AppsSome 68% of American adults now own a smartphone, and an online survey of a representative sample of adults 18 and older by Pew Research Center finds that 77% of these smartphone owners have downloaded apps in the past (other than the ones that came pre-installed on their phone).6 Fully 38% of these app downloaders report having more than 20 apps on their device and 7% report having 50 or more. This survey covered all smartphone owners, not only owners of Android devices.

At the same time, app downloaders tend to use a relatively small number of apps on a regular basis. Almost half of app downloaders report that they use five or fewer apps at least once per week, and just 16% indicate that they use more than 10 apps on a regular basis.

Overall, having clear information about how one’s personal data will be used by an app is as important to prospective apps downloaders as user ratings and reviews: 90% of smartphone owners say that knowing how their personal data will be used is “very” or “somewhat” important when choosing whether or not to install an app. By comparison, 57% indicate that it is similarly important to know how many times the app has been downloaded, and 56% indicate that it is important to know the uses of the app.

Users Are Concerned About Apps and Personal InformationIn addition, a majority of app downloaders (60%) have chosen not to install an app when they discovered how much personal information the app required in order to use it, while 43% have uninstalled an app after installing it for the same reason.

Surveys are useful for understanding users’ attitudes and habits with their apps, but this mode of data collection cannot shed much light on the other side of the equation — namely, what’s happening with the apps themselves and the ecosystems from which these apps emerge. Users often have difficulty recalling what specific permissions the different apps they have downloaded to their phone actually require and perhaps may not even fully understand these permissions in the first place.

More broadly, surveys of consumers cannot conclusively answer important research questions such as how many different mobile app permissions exist in the first place or how common it is for apps to request various types of permissions from potential users. Other researchers have examined the general subject of app permissions in the Android environment in various ways. Utilizing user comprehension surveys, research groups at the University of California and University of Washington have found that relatively few users pay attention to app permissions – and an even smaller number understand the permissions they are agreeing to. Other studies have found that the act of requesting access to user data is highly context-dependent, and that users who find it appropriate to share their data with one app might recoil at the idea of sharing the same data in a different context. Still others have examined situations in which apps can overreach when requesting permissions.

In an effort to build on this body of knowledge and examine these and other issues, Pew Research Center scraped the contents of over 1 million apps in the Google Play Store, an approach that was chosen not because it is representative of the entire universe of apps across all device types, but because of the combination of both the popularity of the store and the relatively public access to the data, as is laid out in the next chapter. This scraping collected a wide range of metadata about each app — including the permissions they require from users upon installation.