The GDPR and SDK Usage In Android Mobile Apps

Using data on Software Development Kits (SDKs), we study SDKs in Android apps vis-à-vis the adoption of the General Data Protection Regulation (GDPR) by the European Union in May 2018. Relative to US-only apps, the number of non-Google SDKs used per app in 5 major European countries (EU5) exhibits a 1.3% decline in EU5-only apps after GDPR, and a 6.3% decline in apps multihoming US and EU5. These effects are mostly driven by lower-ranked apps. Using apps’ monthly active users as weights in computing average user exposure to SDKs in app category and country groups, we find no significant change in the average SDK exposure in EU5-only relative to US-only apps. The only significant change in multihoming apps is a 4.2% drop in exposure to SDKs developed by minor SDK providers, although SDKs from Google and major SDK providers were independently assessed as riskier than those from minor SDK providers.