Privacy Threats and Profiling Risks in Free Android Applications

The widespread adoption of free Android applications in low- and middle-income communities has transformed communication, entertainment, and access to services, but it has also introduced significant privacy and security risks. This study investigates the usage patterns, privacy awareness, permission-granting behaviors, and exposure to data exploitation among Android users in Birnin Kebbi, Nigeria. Employing a mixed-methods approach, data were collected through structured questionnaires (n = 200), semi-structured interviews (n = 20), and direct observations. Findings reveal that 92% of respondents use free apps daily, with social media (85%) and entertainment apps (78%) dominating usage. Despite this, digital literacy and awareness of data protection regulations remain low, with only 27% understanding app data collection practices and 12% aware of the Nigeria Data Protection Regulation (NDPR). The study also identified prevalent user-permission fatigue, with 68% of respondents routinely granting broad permissions—including access to contacts, camera, microphone, location, and storage—without full comprehension of implications. Third-party SDKs and trackers further exacerbate data exposure, while 31% of respondents reported experiences of digital fraud, such as unauthorized social media access, phishing, and unexpected mobile wallet deductions. The results highlight the cyclical relationship between high app dependence, low privacy awareness, and limited digital literacy, which collectively heighten vulnerability to profiling, surveillance, and fraud. The study recommends targeted digital literacy programs, NDPR awareness campaigns, promotion of privacy-preserving practices, integration of privacy-by-design in app development, and accessible mechanisms for monitoring and reporting digital fraud to strengthen user protection in the Nigerian mobile ecosystem.