A study by the Mozilla Foundation’s Privacy Not Included initiative has found that most Android apps available on the Google Play Store are providing misleading or false information regarding their data safety labels. The investigation compared the privacy policies and labels of the 20 most popular free apps and 20 most popular paid apps on the app marketplace.
It found that approximately 80% of the apps reviewed had false or misleading labels, based on discrepancies between privacy policies and the information reported on Google’s Data safety form. The study found that developers were not self-reporting accurately enough to give the public any meaningful reassurance about the safety and privacy of their data, leading consumers to believe that these apps were doing a better job at protecting their privacy than they were. Three of the apps did not have their Data safety sections filled in at all.
Last year, Google rolled out a new Data safety section on the Play Store, similar to Apple’s app privacy labels. Apple’s labels focus on what data is being collected, including information collected for tracking purposes and data that is linked to users. Google’s labels allow developers to provide more context as to why data collection is necessary, and the security principles used to safeguard the information.
However, both systems rely on developers to be transparent about how their apps use data. Mozilla argues that these self-reported labels may not accurately represent an app’s data-gathering policies and questions the effectiveness of the framework in enhancing privacy transparency and enabling users to make informed decisions.
Mozilla recommends Apple and Google adopt a universal nutrition labeling standard and urges the tech giants to explain their enforcement action against apps that do not comply and take responsibility for ensuring the accuracy of the information apps report. The non-profit also refutes Snapchat, TikTok, and Twitter’s claims that their apps do not share user data with other companies or organizations, stating that their privacy policies explicitly mention sharing user information with advertisers and internet service providers, among others.
Apps can be exempted from disclosing data sharing provided that they have sought users’ consent, the data is being shared with a developer’s service provider, or the data is fully anonymized.
