According to a new study by Mozilla, the “data security” labels in the Play Store listings of many Android apps themselves need a warning.
The nonprofit organization behind the Firefox browser reviewed the Google-mandated labels for the top 20 free and paid Android apps and found that most of the data collection, usage, and sharing disclosures didn’t match the descriptions in the apps’ privacy policies.
“Overall, there were so many significant discrepancies between the apps’ own privacy policies and the information they disclosed on Google’s data security form that we concluded that the apps are not self-reporting accurately enough to provide any meaningful assurance to the public about the security and privacy of their data,” the report said. “Additionally, Google does not do enough to ensure that the information provided in its data security form is accurate and informative to consumers.”
Five paid apps (Shadow of Death: Dark Night, Bloons TD 6, The Room, Modern Combat 4: Zero Hour, and Monument Valley) received “Needs Improvement” grades, meaning their labels aligned “to some extent” with the developers’ privacy policies. And three paid titles (Stickman Legends Offline Games, Power Amp Full Version Unlocker, and League of Stickman 2020 – Ninja) got away with an “OK” verdict, meaning the label and policy were essentially the same.
Free apps performed slightly better in Mozilla’s analysis. Six apps were hit with a bad grade; three are Meta titles (Facebook, Messenger, and Facebook Lite) and the others are Samsung Push Service, Snapchat, and Twitter.
TikTok, an app caught stealthily collecting device-level identifiers on Android in 2018 and 2019, drew particular scorn in the report despite only landing in the “needs improvement” zone.
In addition to TikTok, nine other free apps received “needs improvement” ratings. Four came from Google (YouTube, Chrome, Google Maps, and Gmail) and two from Meta (WhatsApp and Instagram), with Free Fire, Spotify, and Truecaller: Caller ID & Block rounding out this list. Only three received an OK mark: Google Play Games, Subway Surfers, and Candy Crush Saga.
The report calls for Google to adopt a standardized label modeled on the FDA’s Nutrition Facts to indicate the collection, use, and disclosure of app data; require app-specific privacy policies to allow for easier comparisons by users; warn users more clearly that these labels are not fact-checked; conduct its own periodic reviews of these labels; and insist on narrower definitions of “collection”, “sharing” and “anonymized”.
Mozilla asked Google to comment on its findings and included its full responses in the report. “If we discover that a developer has provided inaccurate information in their data security form and is in breach of policy, we will request the developer to fix the issue to comply. Apps that are not compliant are subject to enforcement action,” reads part of one of Google’s responses. “Developers can no longer release a new app or an app update if their data security form is incomplete or has unresolved issues.”
Google introduced these security labels in April 2022, nearly a year and a half after Apple began enforcing a similar requirement in its app store in November 2020. (The Mozilla report notes that Apple had its own issues with the accuracy of the labels, as highlighted in a January 2021 Washington Post report.) For a time, Google intended the labels to replace the feature-specific lists of app permissions for data sources like a device’s camera or its exact or approximate location, which have long been the primary app privacy tool in Android, but it gave way after a predictable outcry over the notion of replacing an objective list of what an app can and can’t do with a subjective list, self-certified by an app’s developer.
Mozilla’s report is the latest result of its Privacy Not Included project, in which the nonprofit seeks to highlight privacy gaps in the rest of the tech ecosystem. For example, check out the annual gift guides, which identify privacy-invading devices best avoided by holiday shoppers.