London, March 12, 2025 (GLOBE NEWSWIRE) -- Pixalate, the global market-leading ad fraud protection, privacy, and compliance analytics platform, today released the Q4 2024 GDPR Evasion in the Mobile App Ecosystem: Privacy Policy Omissions & Legal Implications for SSPs and App Stores Report. The report examines apps across the Apple App Store and Google Play Store and is part of Pixalate’s series on European Users’ Privacy Rights Under the General Data Protection Regulation (“GDPR”).
The report offers a detailed legal analysis of data privacy violations likely occurring under GDPR Articles 5, 12, 13, 24 and Rec. 75. Pixalate has released a complete list of the 14,906 likely non-compliant apps.
The investigative report also uncovers privacy non-compliance gaps across these 14,906 ad-enabled* mobile apps with no privacy policies.** Google’s digital ad business (Google AdExchange) is listed as an ad partner (on app-ads.txt files) on 92% (13.7k) of mobile apps with no privacy policies.
“Our research findings underscore the need for app developers to prioritize users’ data privacy and compliance with data protection laws,” said Yusra Kayani, Director & Privacy Legal Counsel at Pixalate. “This failure to disclose privacy policies not only puts users at risk, but also exposes app developers, hosting platforms, and associated third parties - including advertising partners - to legal risks and financial penalties.”
Key Findings - Q4 2024
- Ad-enabled apps with no privacy policy: 14,906 across the Apple App Store (11,313) and Google Play Store (3,525) during Q4 2024
- These apps have 32.3 million estimated Lifetime App Users (based on estimated downloads) across the EU (27.5M) and UK (4.8M)
- ‘Big Tech’ monetizing GDPR non-compliant apps: Of ad-enabled apps with no privacy policies, Google AdExchange is listed as an ad partner (on app-ads.txt files) on 92% (13.7k); Meta (Facebook) on 32% (4.7k)
- Transmission of unlawfully obtained personal data: Of the Top 100 mobile apps (based on estimated Lifetime App Users) offering programmatic advertising and with no privacy policies, 97% share users’ personal data in the programmatic ad bid stream.
- Unlawful location data access: 2,481 ad-enabled apps with no privacy policies request access to users’ location data across the Apple (2,057) and Google (424) mobile app stores
Top 10 ad-enabled apps with no privacy policies (Q4 2024)
Apple
| Rank Top 10 | Title | Developer Name | Requests Location | Est. Lifetime App Users (EU) |
| 1 | Handy Craft | Voodoo | Yes | 176k |
| 2 | Erudite — Trivia & Quiz Games | Mioris LTD | No | 102k |
| 3 | Oldschool Blocks | Piotr Makowski | No | 41k |
| 4 | YTCount – Subscriber Count | Bjorn A | No | 27k |
| 5 | Pumped BMX Flow | Adam Hunt | Yes | 34k |
| 6 | Atomas | Max Gittel | No | 34k |
| 7 | FC Draft 24 | Popescu-Ungureanu Silviu-Georgian PFA | No | 32k |
| 8 | Little Alchemy | Recloak Sp. z o.o. | No | 21k |
| 9 | Crush the Monsters:Cannon Game | HEROCRAFT LTD | No | 20k |
| 10 | Trigger Heroes | Lucky Kat Studios | Yes | 18k |
| Rank Top 10 | Title | Developer Name | Requests Location | Est. Lifetime App Users (EU) |
| 1 | Atomas | Sirnic | No | 1M |
| 2 | XnRetro | XnView | No | 310k |
| 3 | Add Text to Photo App (2022) | 32Network - Unique Apps & Games | Yes | 290k |
| 4 | Learn 2 Fly: bounce & fly! | HeroCraft Ltd. | Yes | 207k |
| 5 | Powerlust: Action RPG Offline | Bartlomiej Mamzer | No | 137k |
| 6 | Almanac 2024 Holiday Calendar | Rhappsody Technologies | No | 45k |
| 7 | Fight List 2 - Categories game | Sociaaal LLC | Yes | 40k |
| 8 | FC Draft 24 | Football Lover Games | No | 38K |
| 9 | Balkan Drive Zone | Andronescu | No | 20k |
| 10 | Chemical Formulas Quiz | Marijn Dillen | No | 11k |
A privacy policy, also known as a ‘privacy statement’ or ‘notice,’ is an essential document that explains how an app collects, uses, and shares users’ personal data. It additionally outlines individuals’ data privacy rights. Multiple global privacy laws and regulations, including the GDPR and CCPA, mandate a privacy policy or notice.
To compile this report, Pixalate’s legal and data science teams analyzed the privacy policies of 826K mobile apps that were: i) downloadable from the Apple App Store (242K) or Google Play Store (584K) as of the beginning of November 2024, and ii) had an app-ads.txt file. Pixalate analyzed over 99% of the policies in November 2024. Using its machine learning technologies, Pixalate conducts systematic browsing (or ‘crawling’) of the Apple App Store to derive data outputs presented in the report’s research findings.
Access the Q4 2024 GDPR Evasion in the App Ecosystem: Privacy Policy Omissions & Legal Implications for SSPs and App Stores Report here. You will also receive the complete list of ad-enabled apps with no privacy policies, as measured by Pixalate.
* Apps with ads, or ad-enabled apps, are defined as those having app-ads.txt detected.
** In this report and related materials, all references to ‘no privacy policy/policies’ or ‘no privacy policy/policies detected’ imply that Pixalate’s proprietary systems were unable to detect or identify a purported privacy policy/notice URL at the time of crawling the app stores pursuant to Pixalate’s proprietary privacy policy detection and classification system; for more details, please review the Methodology section in the report.
About Pixalate
Pixalate is the market-leading fraud protection, privacy, and compliance analytics platform for Connected TV (CTV) and Mobile Advertising. We work 24/7 to guard your reputation and grow your media value. Pixalate offers the only system of coordinated solutions across display, app, video, and CTV for better detection and elimination of ad fraud. Pixalate is an MRC-accredited service for the detection and filtration of sophisticated invalid traffic (SIVT) across desktop and mobile web, mobile in-app, and CTV advertising. www.pixalate.com
Disclaimer
The content of this press release, and the associated report (the “report”) – including all content set forth herein – reflects Pixalate’s opinions with respect to subject matter that Pixalate believes may be useful to the digital media industry, inclusive of advertisers, advertising technology companies, developers of mobile applications, professional advisors, non-governmental entities, and regulators. Pixalate is sharing this report’s data–and opinions relating thereto–not to impugn the standing or reputation of any entity, person, or app, but, instead, to report opinions and suggest trends pertaining certain apps available for download via the Apple App Store & Google Play Store during the Q4 2024 time period studied. Any data shared herein is grounded in Pixalate’s proprietary technology and compliance analytics, which Pixalate is continuously evaluating and updating. Any references to outside sources should not be construed as endorsements. Pixalate’s opinions are just that: opinions (i.e., they are neither facts nor guarantees). Pixalate's opinions regarding possible applicability of, legal obligations under, and compliance with the GDPR are for informational purposes only, and are not offered as legal advice. Nothing in this report: (i) is intended to constitute professional and/or legal advice; (ii) actually constitutes professional and/or legal advice; or (ii) sets forth a comprehensive or complete statement of the matters discussed or the law relating thereto.
