An investigation into data security labels on the Google Play Store reportedly uncovered “serious loopholes” that allow apps like Twitter, TikTok and Facebook to easily provide false or misleading information about how user data is shared. The studymade by him mozilla foundationidentified 40 of the most downloaded Android apps globally on the Google Play Store and found that nearly 80 percent had discrepancies between their privacy policies and the information listed in Google Play’s data security section.
Google launched its data privacy section for the Play Store last year, noting that developers had the sole responsibility for providing “complete and accurate disclosures” for information collected by their apps by filling out a form. Google data security form. Mozilla argues that these self-reported privacy labels may not accurately reflect what user data is actually collected due to shortcomings in the security form’s honor-based system, such as having vague definitions for “collect” and “share” and no applications required. to report data shared with “service providers”.
Mozilla studied the top 20 free apps and the top 20 paid apps and then rated them with a score of “poor”, “needs improvement” or “OK” based on their findings. Sixteen of the 40 total applications, including Twitter, Minecraftand Facebook received a “poor” rating, while 15 apps, including TikTok, YouTube, Google Maps, Gmail, WhatsApp and Instagram, managed “needs improvement.” Only six apps received an “OK” rating, most of which were mobile games like candy Crush Saga and subway surfers. Three apps: UC Browser-Safe, Fast, Private; League of Stickman – Best Activities; and terrariums — hadn’t even filled out Google’s data security form.
Mozilla’s rating for the top 20 paid Android apps on Google Play.
“Consumers care about privacy and want to make smart decisions when downloading apps. Google’s data security labels are supposed to help them do that,” says Jen Caltrider, project lead at Mozilla. “Unfortunately, they don’t. Instead, I worry that they will do more harm than good.”
Mozilla’s ranking for the top 20 free Android apps on Google Play.
In an example within the report, Mozilla notes that Tik Tok and Twitter both claim not to share any data with third parties in their Data Security Forms, despite clearly stating that the data is, in fact, shared with third parties in their respective privacy policies. “When I see data security labels stating that apps like Twitter or TikTok don’t share data with third parties, I get mad because it’s completely false. Of course, Twitter and TikTok share data with third parties,” says Caltrider. “Consumers deserve better. Google needs to do better.”
Google has since issued a statement dismissing the study (seen through TechCrunch), claiming that Mozilla’s rating system is inefficient. “This report combines company-wide privacy policies that are intended to cover a variety of products and services with individual data security labels, which inform users about the data that a specific application collects,” says a spokesperson for Google. “The arbitrary ratings that the Mozilla Foundation assigned to applications are not a useful measure of the security or accuracy of the labels given the flawed methodology and lack of supporting information.”
Apple has also come under fire for its own developer-submitted privacy labels, with a 2021 report from the washington post finding that many iOS apps provided similarly misleading information, with some of the apps falsely reporting that they did not collect, share, or track user data.
Mozilla suggests that both Apple and Google should adopt a universal standardized data privacy system across all their platforms to address these concerns, and recommends that big tech companies take greater responsibility and crack down on apps that don’t provide accurate information about the user. data exchange. “Google Play Store’s deceptive data security labels give users a false sense of security,” Caltrider says. “It’s time we had honest data security labels to help us better protect our privacy.”