Assessing the Compliance of Mobile Applications with Personal Data Privacy Regulations: An Analytical Study

Ahmad Showail; Mohd Khaled Shambour; Hosam Jaradat; Muhannad A. Abu-Hashem; Hani A. Aldhubaib

doi:10.48084/etasr.11214

Authors

Ahmad Showail Department of Computer Engineering, College of Computer Science and Engineering, Taibah University, Madinah, Saudi Arabia
Mohd Khaled Shambour Department of Intelligent Systems Engineering, Faculty of Engineering and Design, Middle East University, Amman, Jordan
Hosam Jaradat Department of Operating Systems, Deanship of Information Technology, Umm Al-Qura University, Makkah, Saudi Arabia
Muhannad A. Abu-Hashem Department of Geomatics, Architecture and Planning Faculty, King Abdulaziz University, Jeddah, Saudi Arabia
Hani A. Aldhubaib Department of Electrical Engineering, College of Engineering and Islamic Architecture, Umm Al-Qura University, Makkah, Saudi Arabia

Volume: 15 | Issue: 4 | Pages: 24746-24751 | August 2025 | https://doi.org/10.48084/etasr.11214

Received: 30 March 2025 | Revised: 3 May 2025, 15 May 2025, and 24 May 2025 | Accepted: 2 June 2025 | Online: 2 August 2025

Corresponding author: Mohd Khaled Shambour

Abstract

The widespread use of technology has led to the need for data protection frameworks to regulate the collection, processing, sharing, and disposal of personal data. This study assesses the compliance of 66 Hajj and Umrah-related mobile applications with the Saudi Personal Data Protection Law (PDPL), focusing on applications available on Google Play and the Apple App Store. As a pioneering assessment in the religious tourism sector, this study examines the extent to which these applications meet the requirements of the PDPL, including consent, user rights, and data security. The findings show significant deficiencies in app developers' adherence to both user personal data requirements and user data protection principles, with compliance rates ranging from 18.2% to 33.3% and from 12.1% to 33.3%, respectively. These findings indicate the lack of data protection protocols in app development, underlining the vital need for developers to strictly adhere to personal data protection standards. The study emphasizes the crucial importance of preserving user personal information and encourages developers to prioritize data security, thus enhancing trust in the digital experiences of pilgrims.

Keywords:

privacy, mobile applications, personal data, pilgrims, personal data protection laws

Downloads

Download data is not yet available.

References

Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation). Brusseles, Belgium: EU, 2016.

"The CNIL’s restricted committee imposes a financial penalty of 50 Million euros against GOOGLE LLC | European Data Protection Board." https://www.edpb.europa.eu/news/national-news/2019/cnils-restricted-committee-imposes-financial-penalty-50-million-euros_en.

"British Airways faces record £183m fine for data breach," Jul. 08, 2019. https://www.bbc.com/news/business-48905907.

"Code of Virginia - Chapter 53. Consumer Data Protection Act." https://law.lis.virginia.gov/vacode/title59.1/chapter53/.

"Data Protection Law," Saudi Arabia. https://sdaia.gov.sa/en/Research/Pages/DataProtection.aspx.

"Home | Ministry of Tourism Saudi Arabia." https://mt.gov.sa/tic/dashboard/tourism-demand.

"Forecast number of mobile users worldwide 2020-2025," Statista. https://www.statista.com/statistics/218984/number-of-global-mobile-users-since-2010/.

H. A. Aldhubaib, M. A. Abu-Hashem, and M. K. Shambour, "Standardization of Chargers for Portable Electronic Devices in the Saudi Market," Journal of King Abdulaziz University-Engineering Sciences, vol. 33, no. 2, pp. 67–81, 2023. DOI: https://doi.org/10.4197/Eng.33-2.5

M. Fan et al., "An Empirical Evaluation of GDPR Compliance Violations in Android mHealth Apps," in 2020 IEEE 31st International Symposium on Software Reliability Engineering (ISSRE), Coimbra, Portugal, Oct. 2020, pp. 253–264. DOI: https://doi.org/10.1109/ISSRE5003.2020.00032

J. Muchagata and A. Ferreira, "Mobile Apps for People with Dementia: Are They Compliant with the General Data Protection Regulation (GDPR)?:," in Proceedings of the 12th International Joint Conference on Biomedical Engineering Systems and Technologies, Prague, Czech Republic, 2019, pp. 68–77. DOI: https://doi.org/10.5220/0007352200680077

N. Momen, M. Hatamian, and L. Fritsch, "Did App Privacy Improve After the GDPR?," IEEE Security & Privacy, vol. 17, no. 6, pp. 10–20, Nov. 2019. DOI: https://doi.org/10.1109/MSEC.2019.2938445

D. S. Guamán, J. M. Del Alamo, and J. C. Caiza, "GDPR Compliance Assessment for Cross-Border Personal Data Transfers in Android Apps," IEEE Access, vol. 9, pp. 15961–15982, 2021. DOI: https://doi.org/10.1109/ACCESS.2021.3053130

Q. Jia, L. Zhou, H. Li, R. Yang, S. Du, and H. Zhu, "Who Leaks My Privacy: Towards Automatic and Association Detection with GDPR Compliance," in Wireless Algorithms, Systems, and Applications, 2019, pp. 137–148. DOI: https://doi.org/10.1007/978-3-030-23597-0_11

S. E. Polykalas and G. N. Prezerakos, "When the mobile app is free, the product is your personal data," Digital Policy, Regulation and Governance, vol. 21, no. 2, pp. 89–101, Jan. 2019. DOI: https://doi.org/10.1108/DPRG-11-2018-0068

F. H. Shezan, Y. Lao, M. Peng, X. Wang, M. Sun, and P. Li, "NL2GDPR: Automatically Develop GDPR Compliant Android Application Features from Natural Language," in 2022 IEEE Conference on Communications and Network Security (CNS), Austin, TX, USA, Oct. 2022, pp. 1–9. DOI: https://doi.org/10.1109/CNS56114.2022.10273858

M. Hatamian, "Engineering Privacy in Smartphone Apps: A Technical Guideline Catalog for App Developers," IEEE Access, vol. 8, pp. 35429–35445, 2020. DOI: https://doi.org/10.1109/ACCESS.2020.2974911

K. Bongard-Blanchy, J. L. Sterckx, A. Rossi, V. Distler, S. Rivas, and V. Koenig, "An (Un)Necessary Evil - Users’ (Un)Certainty about Smartphone App Permissions and Implications for Privacy Engineering," in 2022 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW), Genoa, Italy, Jun. 2022, pp. 01–08. DOI: https://doi.org/10.1109/EuroSPW55150.2022.00023

M. Farhadi, G. Pierre, and D. Miorandi, "Towards automated privacy compliance checking of applications in Cloud and Fog environments," in 2021 8th International Conference on Future Internet of Things and Cloud (FiCloud), Rome, Italy, Aug. 2021, pp. 11–18. DOI: https://doi.org/10.1109/FiCloud49777.2021.00010

M. K. Y. Shambour, "Assessing the Usability of Hajj and Umrah Websites," in 2021 International Conference on Information Technology (ICIT), Amman, Jordan, Jul. 2021, pp. 876–881. DOI: https://doi.org/10.1109/ICIT52682.2021.9491780

"Apps Data." Sharepoint, [Online]. Available: https://stumeuedu-my.sharepoint.com/:x:/g/personal/m_shambour_meu_edu_jo/EZhW0Cqs-05HjLzudyUe0K0BeVtMKBRvSSAHd2kAvT8UzA?rtime=DS-lVQKk3Ug.

A. I. Abueid, "Big Data and Cloud Computing Opportunities and Application Areas," Engineering, Technology & Applied Science Research, vol. 14, no. 3, pp. 14509–14516, Jun. 2024. DOI: https://doi.org/10.48084/etasr.7339

A. Raghuvanshi, U. K. Singh, and C. Joshi, "A Review of Various Security and Privacy Innovations for IoT Applications in Healthcare," in Advanced Healthcare Systems, John Wiley & Sons, 2022, pp. 43–58. DOI: https://doi.org/10.1002/9781119769293.ch4

S. Almuaythir, A. K. Singh, M. Alhusban, and A. O. Daoud, "Robotics technology: catalyst for sustainable development—impact on innovation, healthcare, inequality, and economic growth," Discover Sustainability, vol. 5, no. 1, Dec. 2024, Art. no. 486. DOI: https://doi.org/10.1007/s43621-024-00744-y