Status: Under review at Management Science
(Joint work with Siva Viswanathan)
We study apps’ decisions to upgrade to Android 6.0, which restricts their ability to seek blanket permissions to sensitive user information at download, instead requiring them to request à la carte permissions at run-time. Such a shift in Android’s permission-seeking policy comes in the wake of users’ proactive measures to protect their sensitive information. Mobile apps on Android had a choice of upgrading to Android 6.0 anytime over a three-year window instead of being forced to upgrade immediately. Given the choice of upgrading to version 6.0 that provides mobile apps with the latest platform features or staying with an earlier version that provides them with better access to user information, our study seeks to examine the upgrade decisions of apps in the Google Play Store. By analyzing a unique panel dataset comprising 13,604 of the most popular apps for 24 months, we find that apps that traditionally over-seek permissions (i.e., seek more permissions than those required for the app’s functionality) strategically delay upgrading. We find that such upgrade delays are more likely when the information sought may be considered by users as being collected for ad-targeting or as non-essential for the app’s operations. More importantly, we find that such strategic delaying of upgrades come at a cost to apps in terms of marketplace outcomes. We discuss the implications of our findings for app providers as well as platform operators.