Credit: Pavlo Gonchar/SOPA Images/LightRocket/Getty Images
Google added privacy nutrition labels to apps on the Play Store last April, bringing more transparency to its Android marketplace in response to Apple’s introduction of similarly strict rules. These labels allow developers to disclose and explain the variety of data their apps collect from users and give consumers a better understanding of what they are signing up for. But a new study by Mozilla claims that disclosure labels from top apps on the Play Store don’t actually match all of the data they collect about users.
Popular apps like TikTok and Twitter share user data with advertisers, internet service providers and platforms, despite claiming in their data labels that they don’t, Mozilla’s latest report in its ongoing “Privacy Not Included” series said Thursday.
Developers declare this nutritional information by filling out a Google data security form. However, companies are finding loopholes in self-assessment, leading to misinformation related to data labels, Mozilla’s report said.
The organization said Google exempts app makers from sharing data with “service providers,” which is narrowly defined in the search giant’s terms. In addition, Firefox parent company accused Google of putting all responsibility on developers to provide accurate explanations. Google said at the time of launch that it was scrutinizing these labels using “systems and processes that are continually improving.”
Mozilla researched the top 20 free apps and the top 20 paid apps for this report. It gave ratings ranging from “poor”, “needs improvement” to “OK”.
16 out of 40 apps, including Twitter, Minecraft and Facebook, received a “poor” rating in the report. 15 apps, including TikTok, YouTube, Google Maps and Gmail, received the “Needs Improvement” stamp. Amusingly, some apps, including UC Browser, League of Stickman Acti, and Terraria, didn’t even fill out Google’s data security form. Google said developers are not allowed to update their apps unless they fill out the form.
“Consumers value privacy and want to make smart choices when downloading apps. Google’s Data Safety Labels are designed to help them do this. Unfortunately they don’t. Instead, I worry they’ll do more harm than good,” Jen Caltrider, project lead at Mozilla, said in a statement.
“When I see privacy labels that say apps like Twitter or TikTok don’t share data with third parties, it pisses me off because it’s completely wrong. Of course, Twitter and TikTok share data with third parties. Consumers deserve better. Google needs to do better.”
The problem is not limited to Google’s Play Store. Multiple reports have revealed that developers are also giving false information about data sharing on Apple’s App Store. These reports are the latest headaches for Apple and Google, whose app store policies are coming under increasing scrutiny.
Earlier this month, the Biden administration accused Google and Apple of app store monopoly, saying they are “not a level playing field, which is harmful to developers and consumers.” The report, produced by the Department of Commerce’s National Telecommunications and Information Administration (NTIA), says these app stores create “unnecessary barriers and costs for app developers” that stifle their growth.
Caltirider said both Apple and Google should adopt a standardized privacy regime across platforms to educate customers with correct information. Mozilla also stressed that these tech giants should take action against apps that fail to provide accurate data exchange details.
Google contested Mozilla’s findings, saying its grades were random and not helpful in measuring the apps’ security.
“This report brings together company-wide privacy policies designed to cover a variety of products and services, with individual data security labels that inform users about the data a particular app collects. The arbitrary grades that the Mozilla Foundation assigns to apps are not a useful measure of the safety or accuracy of labels given the flawed methodology and lack of robust information,” said a Google spokesperson.
The company also said the security labels are relatively new offerings and offer better transparency than before. However, if developers enter incorrect information, these labels could do more harm.
