Mozilla study finds data privacy labels for top Android apps misleading

A study from Mozilla has found severe discrepancies between the Google Play Store’s data privacy labels and a large percentage of apps’ actual policies. The study, entitled See No Evil: Loopholes in Google’s Data Safety Labels Keep Companies in the Clear and Consumers in the Dark, was conducted by Mozilla’s *Privacy Not Included — a guide dedicated to informing consumers about the security and privacy of online products while encouraging the tech industry to do more to safeguard customers. 

Google Play introduced data safety labels last year as part of its new data safety requirements for apps in its store. By July 2022, all app developers were required to submit a Data Safety Form to Google outlining their privacy and security practices. Google then used this form to attach safety labels to each app, relaying critical information such as the app’s security practices and how it handles data collection.

An admirable aim, if only the outcome reflected it. 

The study’s findings

Researchers conducted the study by examining and comparing the privacy policies and labels of Google Play Store’s 20 most popular paid apps and its 20 most popular free apps. They then rated each app one of the following grades: “Poor,” “Needs Improvement,” or “OK”. For apps rated “Poor,” the information in their privacy label did not sufficiently align with their actual data-sharing policies. With “Needs Improvement,” some information aligned, while for “OK,” the information aligned for the most part. 

The results found that 80% of the apps had discrepancies between their privacy policies and the information they provided in Google’s Data Safety Form. 40% of the apps reviewed received a “Poor” grade, including Twitter and Minecraft. The “Needs Improvement” rating applied to 37.5% of apps, including YouTube, Google Maps, and Instagram. Only 15% of apps got an “OK” grade, which included Candy Crush Saga and Subway Surfers. Three apps had not filled out the form at all.

One of the most egregious misalignments came from Facebook and TikTok. Both apps are famous for sharing user data with third parties and do specifically mention this fact in their privacy policies. Yet, their Play Store Data Safety labels make customers believe they don’t. How is this level of misalignment possible?

According to the study, the self-reporting nature of Google’s Data Safety Form allows companies to easily add false or misleading information about their data collection policies. Part of this is due to loopholes in the form. One example is that Google does not require apps that share data with “service providers” to disclose this. This vague phrasing gets tech companies off the hook regarding certain types of data sharing. Another issue is that Google does not verify whether the information apps provide is accurate, stating instead that the apps are “responsible for making complete and accurate declarations”, an assertion that might understandably make one question the point of these labels at all.
