Overall, we assessed 21,163 Android apps, successfully logging into 678 (3.20%) using Facebook as the IdP and 1,716 (8.11%) using Google as the IdP.
| Successful login on apps | 678 | 1716 |
| Successful login on websites corresponding to apps | 318/678 (46.90%) | 661/1716 (38.52%) |
| Cases with different permissions across the two platforms | 40/318 (12.58%) | 23/661 (3.48%) |
Google we found permissions discrepancies in 23 cases. Among these, 22 additional permissions
were requested exclusively by the Android apps, while 14 extra permissions were requested only by the websites.
Extra permissions requested on either the mobile platform or website for notable services:
| Application | Downloads | SSO Type | Platform | Extra permissions |
|---|---|---|---|---|
| TikTok | 1B+ |  |
mobile | Email address, Age range, Friends list |
| Smule | 100M+ | |
mobile | Email address, Age range, Friends list |
| Badoo | 100M+ | |
web | Birthday, Gender |
| ZEPETO | 100M+ | |
mobile | Email address, Friends list |
| iHeart | 50M+ |  |
mobile | Birthday, Gender |
| adidas | 50M+ | |
web | Birthday, Gender, Age range |
| Chess | 50M+ | |
web | Friends list |
| Tagged | 50M+ | |
mobile web |
Photos Contacts(read access) |
| Desygner | 5M+ | |
web | Photos |
| Sociable | 1M+ | |
mobile mobile |
Email address, Birthday, Gender, Friends list, Page likes, Photos Birthday, Gender |
| ManyCam | 1M+ | |
web | Email address, Publish video to timeline |
| AsianDating BrazilCupid HongKongCupid |
1M+ | |
mobile | Birthday, Gender |
| WellnessLiving Achieve | 100K+ | |
web mobile web |
Gender, Timeline link Birthday, Google calendar(full access) Secondary Google calendars (full access), Google calendars (readaccess) |
| Inmate Photos | 100K+ | |
web | Google photos |