Google added power privacy labels to apps in the Play Store last April, bringing greater transparency to the Android marketplace in response to Apple’s introduction of similarly strict rules. These labels allow developers to reveal and explain the variety of data their apps collect from users, giving consumers a better understanding of what they are signing up for. But a new study from Mozilla claims that disclosure labels of top apps in the Play Store don’t really match all the data they collect about users.
Popular apps, including TikTok and Twitter, are sharing user data with advertisers, ISPs and platforms despite claiming not to do so in their data labels, Mozilla’s latest report in its ongoing “Privacy Not Included” series said Thursday.
Developers declare these nutrition labels by filling out a Google Data Safety Form. But companies find loopholes in the self-disclosures, resulting in misinformation about data labels, Mozilla’s report said.
The organization said Google exempts app makers from declaring data sharing with “service providers,” which has a narrow definition in the search giant’s terms. In addition, Firefox parent company accused Google of giving the developers full responsibility to make accurate statements. Google said at the time of launch that it was scrutinizing these labels by “using systems and processes that are constantly improving”.
Mozilla studied the top 20 free apps and the top 20 paid apps for this report. It awarded ratings ranging from “poor”, “needs improvement” to “OK”.
16 of the 40 apps, including Twitter, Minecraft and Facebook, received a “poor” grade in the report. 15 apps, including TikTok, YouTube, Google Maps, and Gmail, received the “needs improvement” stamp. Funnily enough, some apps, including UC Browser, League of Stickman Acti, and Terraria, didn’t even complete the Google Data Safety Form. Google said developers are not allowed to update their apps if they haven’t filled out the form.
“Consumers care about privacy and want to make smart decisions when they download apps. Google’s data safety labels should help them with that. Unfortunately they don’t. Instead, I’m afraid they’re doing more harm than good,” Jen Caltrider, project lead at Mozilla, said in a statement.
“When I see Data Safety labels saying that apps like Twitter or TikTok don’t share data with third parties, I get angry because it’s not true at all. Naturally, Twitter and TikTok share data with third parties. Consumers deserve better. Google needs to do better.”
The problem is not limited to Google’s Play Store. Multiple reports have revealed that developers are also providing false information about data sharing in Apple’s App Store. These reports are the latest headache for Apple and Google, whose app store policies are under increasing scrutiny.
Earlier this month, the Biden administration accused Google and Apple of app store monopoly, saying they “are not a level playing field, which is detrimental to developers and consumers.” The report prepared by the Department of Commerce’s National Telecommunications and Information Administration (NTIA) states that these app stores “create unnecessary barriers and costs for app developers” that hinder their growth.
Caltirider said that both Apple and Google should apply a standardized data privacy system across all platforms to provide customers with the right information. Mozilla also stressed that these tech giants should take action against apps that fail to provide accurate data sharing details.
Google countered Mozilla’s findings, saying the numbers were arbitrary and not helpful in gauging the apps’ security.
“This report combines company-wide privacy policies intended to cover a variety of products and services with individual data safety labels, which inform users about the data a specific app collects. The arbitrary numbers that Mozilla Foundation assigns to apps are not a useful measure of label safety or accuracy, given the flawed methodology and lack of supporting information,” said a Google spokesperson.
The company also said the safety labels are relatively new and offer more transparency than before. However, if developers enter false information, these labels can do more damage.