Jump to content
  • Mozilla says “most top apps” on Android have misleading privacy labels

    alf9872000

    • 454 views
    • 4 minutes
     Share


    • 454 views
    • 4 minutes

    App privacy policies openly contradict the far more visible "nutrition labels."

     

    It looks like trusting developers to just tell the truth about data collection on Google Play isn't working out. Just like on iOS, Android launched app privacy "nutrition labels" in the Play Store last year, with the idea being that users could quickly get a look at how much data each app collects. The obvious problem with this system is that the developers fill out the data-collection forms, and there's nothing to stop them from lying or omitting certain data-collection policies. It's no surprise, then, that when Mozilla recently audited the top apps on Google Play, it found that "most top apps" have "false or misleading" app privacy labels.

     

    Mozilla says it surveyed 40 of the Play Store's most popular apps by global downloads and found that "in nearly 80% of the apps we reviewed, we found some discrepancies between the apps’ privacy policies and the information they reported on Google’s Data Safety Form." Each app received a grade of “Poor,” “Needs Improvement,” or “OK,” with 16 out of 40 apps getting the lowest rating.

     

    Mozilla did not need to dig very deep to find flaws, saying that many apps' privacy labels openly contradict their public privacy policies. Snapchat, TikTok, and Twitter all claim "No data shared with third parties" on the Play Store but detail third-party sharing in their privacy policies. For free apps, the list of recipients earning a "poor" grade isn't very surprising: Facebook, Facebook Messenger, Facebook Lite, Snapchat, Twitter, and, the one surprise, Samsung Push Services. A lot of paid games like Minecraft make the "poor" list, too.

     

    Tiktok-image-phones.width-1840-980x835.p

    Enlarge / TikTok's Google Play privacy label versus its privacy policy.
    Mozilla
     

    Mozilla says: "There’s little evidence that Google works diligently to ensure the accuracy of the submissions, and this lack of enforcement renders the quality of the information very poor in a great many cases." Mozilla came up with several recommendations for Google, should it want to improve the situation, like having an actual punishment for lying on the form and clearly disclosing to users that Google doesn't vet any of these answers. Mozilla also wants to see Google and Apple work together to standardize the design of app privacy labels across ecosystems. Just as a single food nutrition label has a standard design across products, Mozilla says a privacy label should have one design, too.

     

    Mozilla rates a few Google apps like Gmail as "needs improvement," but that's missing the forest for the trees. The report doesn't dive into this, but for Android, Google likes to do privacy sleight-of-hand and center the discussion around the idea of "app privacy," when "OS privacy"—privacy from Google—should probably be more of a concern. Google and your device manufacturer both have system-level access to the OS that exists outside the app security model, so they can basically do whatever they want on your phone, including collecting all your data.

     

    Even if the app privacy labels were accurate, Android is a class of company that doesn't need the apps to vacuum up your data; it could just use a million various system-level services instead. One such service, Google Play Services, has a blank app privacy screen! If it were accurate, it would be a mile long, but Google would apparently rather you not look behind the curtain. The same "privileged permissions" model also applies to preinstalled apps, which is part of the reason Facebook works so hard to be preinstalled on most Android phones—more permissions means better spying. It would be nice if the Play Store labels were accurate, too, but nobody wants to talk about the entire OS.

     

    Source


    User Feedback

    Recommended Comments

    There are no comments to display.



    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Guest
    Add a comment...

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...