Written By: Security.org Team | Published: November 18, 2019

As of 2019, there are over 4.3 million apps in Google Play and the Apple App Store alone, not including smaller platforms such as Microsoft and Amazon. This number continues to rise as apps become an integrated part of our existence, and the ability to create apps improves with the spread of education and resources on app programming.

While this is an exciting time for technological advancement in app development, the emergence of this accessibility also brings about some negatives. Currently, a lack of regulation means that programmers can create habit-forming apps that become linked to our day-to-day lives. Embedded in those apps are clumsy, bulky, and hard-to-understand privacy agreements filled with technical jargon that goes way above the average person's head.

With these apps seemingly running rampant, how much do we know about how they process our personal data and information? How many of us can actually read a typical privacy policy? We ran a text analysis on 465 app privacy policies and conducted a survey of 1,000 Americans to find out the concrete details and average opinion of privacy agreements. Read below for our full findings.

How Many of Us Actually Understand These Agreements?

Chart showing the average readability of app privacy policies

App privacy policies are far more difficult to read than the public thinks they should be: In most cases, understanding the language used in a typical app agreement requires the reading level of a college student. Business, weather, and travel apps are the most difficult, while photo and video, social networking, and finance apps are slightly simpler, but still advanced beyond the average reading level.

Although Americans are the most educated they have ever been, expecting app users, who range in demographics and access to post-secondary education, to have at least some college-level education is unrealistic.

The ramifications of difficult user agreements fall directly on the app users themselves, who risk losing their data involuntarily when they skip over the privacy text before opening an app. These types of agreements are known as "click-to-agree" contracts and they have become synonymous with app registration.

The average photo and video apps have agreements that tend toward the simpler side, but that may be changing soon. The emergence of deepfakes, or doctored digital renderings of real people that can be manipulated, is becoming a massive concern among people who fear they can be used to influence the public with falsified videos of politicians. Popular apps that favor the technology have been under fire for recent privacy violations, indicating that the public's concerns are reaching a critical level.

7-, 10-, and 12-Minute (or Longer) Read Times on Various Apps

Bar charts showing the average time it takes to read privacy policies, segmented by app category and cost

The average app agreement takes 9.6 minutes to read, 5.2 minutes longer than Americans surveyed generally think it should take. Free app agreements take around double the time to read as paid app agreements, likely stemming from the fact that paid apps are less likely to be selling your data since they already obtain a fee from subscribers. Free apps, however, must bring in revenue somehow; in some cases, these app developers turn to nefarious methods like selling personal data to keep the money stream flowing.

Travel app user agreements took the longest to read, while the shortest policies belonged to utility, finance, and news apps. Travel apps require access to GPS and location-tracking, which involve more language than the standard app that only requires simple data, such as an email address or birthdate.

When it comes down to it, people typically don't want to read complicated user agreements, which are painfully vague and hard to comprehend. Considering they are subject to change at any time and feature pages of legalese, it makes sense that many users avoid them. Out of sight, but is it really out of mind?

Changes Over the Years Result in Easier Policies

Charts showing the readability of privacy policies over time

One of the biggest landmark policy changes involved the General Data Protection Regulation, or GDPR. These European Union-backed reforms required online businesses to obtain and protect user data legally and with consent, and ensured that data be regulated to a reasonable degree. Changes were initiated in May 2018, changing the dynamic for internet users' protections and putting pressure on apps to simplify their agreements.

In terms of social media platforms, Facebook's efforts to diminish word counts and reading time have been actualized, boasting a 2,500-word decrease in total words and shaving off over 10 minutes from the average read time. Despite dramatic changes to the readability of their ToS agreement, our analysis showed that users still require a reading level akin to a college junior, possibly lessening the impact of the foundational adjustments to their agreement.

Two apps, Uber and Snapchat, feature app agreements with the highest word counts and require the most time to read. Various lawsuits, both from customers and employees of Uber, have likely been the catalyst for new verbiage and jargon being added to user agreements. Uber's word count increased by nearly 5,000 words from 2012 to 2019, likely including details about driver classifications, liability, rider protections, new definitions, and more. Snapchat's controversial "speed filter" came under scrutiny for its blatant encouragement of using the app while traveling at high speeds, sometimes while driving. Addendums to their user agreement likely followed after this incident and others that involved the company.

Americans Urge for Simpler Agreements

Bar charts showing the grade level people believe privacy policies should be written at

Fewer than 5% of respondents thought a person should have a college education to understand these crucial agreements. Based on survey participants' opinions, most major apps that we looked at fall far above the reasonable amount of knowledge needed.

The issue is becoming a liability concern, with a new conversation around understandability and release coming into play. In fact, 58% of Americans surveyed believed they shouldn't be held responsible for violating a privacy policy that is worded in a difficult way.

As far as reasons for not reading these privacy policies, 94% of people who didn't read policies simply said it takes far too long, with 74% claiming the policies are too complex to understand in a reasonable manner.

Optimism toward these apps is rare, with only a few respondents trusting apps to protect their personal data (15%).

Nervousness and Privacy Policies

Things that people are OK with apps accessing

The term "data" encompasses a wide range of different things, with vast differences in importance. Users are likely to be less concerned with music and media data or motion data collection services, such as Fitbit, which rely on motion data access to operate and track fitness and health data properly.

Americans surveyed consider some data to be more off-limits than others, such as contacts, photos, and health and home data. Home data, such as smart doorbell and camera data, is precious to many people, as they surveil the outside or inside of a home.

The vast majority of respondents (9 in 10) did not want apps sharing their information with other companies without consent, an issue that is happening at an alarming rate. Many of the 79% of survey participants who understood this concern may reluctantly accept this reality, making it extremely important to consider your own personal security initiatives and evaluate how much more you could be doing to protect yourself.

Protection Against Digital Data Theft or Misuse

In the digital age, protecting our personal data is an ever-present priority. Take a moment to list the apps you use and make an effort to read through the agreements. Research the language of these statements and become aware of your data and who controls it.

Community efforts that seek to protect users are becoming prominent as user-friendly privacy policy interpretation resources have been created with the purpose of informing the public of what is contained within each policy. On the corporate level, Apple's transparency in its app testing and vetting process could hopefully establish a strong standard on app acceptability.

Methodology and Limitations

To conduct the first half of this study, we compiled a spreadsheet of the privacy policy text for the top 10 paid apps and the top 10 free apps for each category on Apple's App Store on Sept. 6, 2019. You can find the list of apps we studied in this spreadsheet. We then ran a text analysis on the privacy policy text to determine the readability score, word count, and estimated reading time. Text readability was determined on the Flesch-Kincaid Readability Grade Level system.

Grades were bracketed through the following categorization:

9-12: High school

13-16: Bachelor's degree

17+: Master's degree or higher
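The text analysis described above can be sketched as follows; this is an added example, not the study's own tooling. The syllable counter is a heuristic, the 250-words-per-minute reading speed and the "Below high school" label are assumptions the page does not state, and both sample texts are constructed.

```python
import re

# Grade brackets as listed in the methodology (lower bound, label).
BRACKETS = [(17, "Master's degree or higher"),
            (13, "Bachelor's degree"),
            (9, "High school")]
WPM = 250  # assumed reading speed; the study does not state the rate it used

def count_syllables(word):
    """Heuristic: count vowel groups, dropping a silent trailing 'e'."""
    word = word.lower()
    n = len(re.findall(r"[aeiouy]+", word))
    if word.endswith("e") and not word.endswith(("le", "ee")) and n > 1:
        n -= 1
    return max(n, 1)

def bracket(grade):
    """Map a Flesch-Kincaid grade level onto the study's brackets."""
    for floor, label in BRACKETS:
        if grade >= floor:
            return label
    return "Below high school"  # assumed label; the page starts at grade 9

def reading_minutes(word_count):
    return round(word_count / WPM, 1)

def analyze(text):
    """Return word count, sentence count, FK grade, read time and bracket."""
    sentences = [s for s in re.split(r"[.!?]+", text) if s.strip()]
    words = re.findall(r"[A-Za-z]+(?:'[A-Za-z]+)?", text)
    if not sentences or not words:
        raise ValueError("text contains no sentences or words")
    syllables = sum(count_syllables(w) for w in words)
    # Flesch-Kincaid Grade Level formula
    grade = (0.39 * len(words) / len(sentences)
             + 11.8 * syllables / len(words) - 15.59)
    return {"words": len(words), "sentences": len(sentences),
            "grade": round(grade, 1), "minutes": reading_minutes(len(words)),
            "bracket": bracket(grade)}

# Constructed sample texts, not taken from any real policy.
PLAIN = "We collect your email. We use it to log you in. We do not sell it."
LEGAL = ("Notwithstanding the foregoing, we may disclose personally "
         "identifiable information to affiliated entities, subsidiaries, and "
         "authorized third-party processors for operational, analytical, and "
         "promotional purposes in accordance with applicable regulations.")

if __name__ == "__main__":
    for name, text in (("plain", PLAIN), ("legal", LEGAL)):
        print(name, analyze(text))
```

A single long sentence of polysyllabic legal terms is enough to push the score into the highest bracket, which is why sentence length and word choice dominate the grade more than total document length does.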

For the second half of this study, we surveyed 1,000 Americans about their perceptions of privacy policies. Anyone was qualified to complete this survey. If a respondent failed an attention-check question that was about halfway through the survey, he or she was disqualified and excluded from our results.

Half of this study relies on self-reported data. There are several limitations to using this sort of data, including but not limited to exaggeration, telescoping, and selective memory. As such, we can't be sure how closely our results line up with reality.

Fair Use Statement

The survey portion of our study shows that the majority of Americans believe that app developers should not be able to share their data with third parties without their knowledge. If you share this sentiment, feel free to pass it along to your readers. All we ask is that it be for noncommercial use and that you link back to this page.