Popular Android apps’ Play Store privacy labels don’t match up to their claims, Mozilla says
Google added privacy nutrition labels for apps on the Play Store last April, bringing more transparency to its Android marketplace in response to Apple introducing similar stringent rules. These labels allow developers to disclose and explain the variety of data their apps collect from users, giving the consumers a better understanding of what they are signing up for. But a new study by Mozilla claims that disclosure labels from top apps on the Play Store don’t really match up to all data they collect on users.
Popular apps including TikTok and Twitter share user data with advertisers, internet service providers, and platforms, despite claiming not to do so in their data labels, Mozilla’s latest report in its ongoing “Privacy not included” series stated Thursday.
Developers declare these nutrition labels by filling out a Google Data Safety Form. But companies are finding loopholes in the self-disclosures, resulting in misinformation regarding data labels, Mozilla’s report said.
The organization said that Google exempts app makers from declaring any data sharing with “service providers,” which has a narrow definition in the search giant’s conditions. Furthermore, the Firefox-parent firm accused Google of putting all onus on developers to make accurate declarations. Google said at the time of the launch that it scrutinized these labels by “using systems and processes that are continuously improving.”
Mozilla studied the top 20 free apps and top 20 paid apps for this report. It assigned ratings ranging from “poor,” “needs improvement” to “OK.”
16 out of 40 apps including Twitter, Minecraft and Facebook received a “poor” grade in the report. 15 apps including TikTok, YouTube, Google Maps, and Gmail received the “needs improvement” stamp. Some apps including UC Browser, League of Stickman Acti, and Terraria amusingly didn’t even fill out the Google Data Safety Form. Google said that developers are not allowed to update their apps if they haven’t filled out the form.
“Consumers care about privacy and want to make smart decisions when they download apps. Google’s Data Safety labels are supposed to help them do that. Unfortunately, they don’t. Instead, I’m worried they do more harm than good,” said Jen Caltrider, Project Lead, at Mozilla said in a statement.
“When I see Data Safety labels stating that apps like Twitter or TikTok don’t share data with third parties it makes me angry because it is completely untrue. Of course, Twitter and TikTok share data with third parties. Consumers deserve better. Google must do better.”
The problem is not restricted to Google’s Play Store. Multiple reports have found that developers give false information about data sharing on Apple’s App Store as well. These reports are the latest headache for Apple and Google whose app store policies are increasingly getting scrutinized.
Earlier this month, the Biden administration accused Google and Apple of app store monopoly and said they are “not a level playing field, which is harmful to developers and consumers.” The report prepared by the Commerce Department’s National Telecommunications and Information Administration (NTIA) said that these app stores create “unnecessary barriers and costs for app developers” stifling their growth.
Caltirider said that both Apple and Google should adopt a standardized data privacy system across platforms to educate customers with correct information. Mozilla also emphasized that these tech giants should take action against apps that don’t comply with providing accurate details about data sharing.
Google pushed back against Mozilla’s findings, saying its grades were random and not helpful to measure the safety of the apps.
“This report conflates company-wide privacy policies that are meant to cover a variety of products and services with individual Data safety labels, which inform users about the data that a specific app collects. The arbitrary grades Mozilla Foundation assigned to apps are not a helpful measure of the safety or accuracy of labels given the flawed methodology and lack of substantiating information,” a Google spokesperson said.
The company also said that the Safety labels are relatively new offerings, and they provide better transparency than before. However, if developers put in false information, these labels could do more harm.