Government regulation, market competition and security of mobile applications

Abstract

As one of the most important product forms in the digital economy era, mobile applications have brought great convenience to both producers and consumers. However, while apps provide convenience to users, their security and risks cannot be ignored. The security of personal information and property of app users mainly faces two risks: the risk of data leakage and the risk of personal information being collected and used in violation of regulations. Based on a unique dataset, we investigated the security of apps in three dimensions. Firstly, we observed a strong spatial concentration in the production of mobile applications, with Beijing, Shanghai, and Shenzhen accounting for almost half of the total app output. Furthermore, we noted a gradual improvement in the security loopholes and non-compliant behaviors of apps over time, with clear regional differences in distribution. Thirdly, we found a U-shaped relationship between app security and download volume, indicating that apps with extreme low and high download volumes have higher incidences of security loopholes and non-compliant behaviors. Fourthly, we found that apps with more security loopholes also tend to have more non-compliant behaviors, suggesting that apps illegally collecting personal information are not effective in protecting the data collected, raising concerns about personal data security. Subsequently, we analyzed app security from two perspectives: regulatory policies and market competition. App developers often prioritize their own interests over user information security, even engaging in actions that violate user privacy. In such cases, government regulatory policies are necessary to play a role. We examined a policy that provided guidance on app security technology and promoted personal information regulations, identifying its impact on app security. Our analysis revealed that after being affected by the policy, the number of security loopholes and non-compliant behaviors in apps significantly decreased, with clear heterogeneity in its impact. The positive impact of the policy was greater for larger-scale apps or those located in regions with lower levels of competition, stronger traditional culture, and lower economic openness. However, we also found that apps did not proactively improve when regulatory enforcement was weak. In the context of market competition, app developers may prioritize app functionality and profitability over the less visible aspect of security. In other words, in highly competitive markets, the motivation to improve app functionality and profitability may outweigh the consideration of data breach and non-compliance risks. We identified the impact of competition on app security using an exogenous event. By examining the suspension of game app approvals in 2021 and the resulting increase in barriers to entry for game apps, we discussed the changes in app security when market competition decreased. Our findings indicated that after the suspension, security loopholes and non-compliant behaviors of game apps did decrease, but correspondingly, developers lacked the incentive of competition, resulting in a decrease in update frequency, ultimately leading to a decrease in user ratings.