Only two per cent of leading apps are fully compliant with the General Data Protection Regulation (GDPR), with almost four-fifths offering no consent notice at all, according to a new study by digital governance management specialists Crownpeak.

A study of the top 50 Android apps and top 50 Apple apps in July 2018 found that 79 per cent had no consent notice for users, and of the 21 per cent that did offer a consent solution, only two per cent were fully GDPR compliant, allowing users varying degrees of control over their data.

Despite this, every app that was scanned displayed multiple SDKs that appeared to perform some kind of data collection, meaning that they were potentially in breach of GDPR regulations.

“The study shows that apps are a black spot for compliance,” said Gabe Morazan, senior product manager at Crownpeak. “On 25 May, consent notices delivered a more informed user experience when browsing on desktop or mobile. But it appears that apps lag behind in compliance programs. This is particularly worrying, considering that, according to an eMarketer report, apps comprise over 90 per cent of internet time on smartphones.

“Our study showed that users rarely have the ability to control exactly which aspects of their data are shared, signalling lack of genuine consent. On top of this, apps such as Facebook, Instagram, WhatsApp and even Android itself have already come under fire for removing access to their products for users who do not consent to data sharing.

“Yet at the same time, audiences are already asking more questions about the level of data apps request access to, such as those which unnecessarily ask for permission to view contact information. It suggests a growing gap between consumer expectations and publisher priorities.”

Crownpeak has launched AppNotice, a platform designed to help developers navigate GDPR consent. The turnkey solution is designed to help companies ensure their mobile apps comply with the consent requirements of global privacy laws, and provides the app user with a list of all technologies and vendors operating within an app that could be accessing and processing their personal data.