Investigation Reveals Serious Data Safety Label Loopholes in Google Play Store
A recent investigation conducted by the Mozilla Foundation under its “Privacy Not Included” initiative has exposed the existence of serious loopholes in data safety labels of Android apps available on the Google Play Store. The study compared the privacy policies and labels of the 20 most popular paid apps and the 20 most popular free apps on the app marketplace. The investigation discovered that around 80% of the apps reviewed provided misleading or false information, with discrepancies between the apps’ privacy policies and the information they self-reported on Google’s data safety form.
The report revealed that the apps' self-reported data safety labels were not accurate, so the labels fail to give the public any meaningful reassurance about the safety and privacy of their data. As a result, consumers are being misled into believing that these apps are doing a better job of protecting their privacy than they actually are. Three of the apps reviewed, including UC Browser – Safe, Fast, Private; League of Stickman Acti; and Terraria, did not have their data safety sections filled out at all. Only six of the 40 apps received an “OK” grade.
Differences Between Google and Apple Labels
Google’s Data Safety section on the Play Store, the company’s answer to Apple’s app privacy labels, spells out the privacy and security practices of apps. However, there are some significant differences between the two systems. Apple’s labels emphasize what data is being collected, including data collected for tracking purposes, as well as information linked to users. In contrast, Google’s labels allow developers to provide more context about why such data collection may be necessary and the security principles used to safeguard information. Both systems rely on developers to be transparent about how their apps use data.
According to Mozilla, self-reported labels may not accurately represent an app’s data-gathering policies. This raises questions about the effectiveness of such a framework in enhancing privacy transparency and enabling users to make informed decisions. For example, Google exempts apps sharing data with “service providers” from its disclosure requirements. This exemption is problematic due to the narrow definition used for service providers and the large amount of consumer data involved. Mozilla also disputes Snapchat, TikTok, and Twitter’s claims that their apps don’t share user data with other companies or organizations. The non-profit points out that the apps’ privacy policies explicitly mention sharing user information with advertisers and internet service providers, among others.
Mozilla is recommending that Apple and Google adopt a universal nutrition labelling standard. It also urges the tech giants to explain their enforcement action against apps that don’t comply and to take some responsibility for ensuring the accuracy of the information apps report.
The investigation into data safety labels for Android apps available on the Google Play Store has exposed serious loopholes that allow apps to provide misleading or false information. It highlights the need for better transparency in data collection practices and for stricter enforcement to prevent apps from taking advantage of such loopholes. As users, we must be vigilant about the apps we use and the data we share to protect our privacy and security online.