Mozilla says ‘most popular apps’ for Android have misleading privacy labels

It seems that trusting developers to simply tell the truth about data collection on Google Play will not work. As with iOS, last year Android launched “nutrition labels”for apps on the Play Store, designed to let users quickly see how much data each app is collecting. The obvious problem with this system is that the developers fill out the data collection forms themselves and nothing stops them from lying or ignoring certain data collection policies. So it’s not surprising that when Mozilla recently audited the top apps on Google Play, it found that “most popular apps”had “false or misleading”app privacy labels.

Mozilla says it conducted a survey of the 40 most popular Play Store apps by number of downloads worldwide and found that “in nearly 80% of the apps we reviewed, we found some inconsistencies between the apps’ privacy policies and the information they provided on the Google data security form”. .» Each app was rated Poor, Needs Improvement, or Good, with 16 out of 40 apps scoring the lowest.

Mozilla didn’t have to dig too deep to find flaws, stating that many apps’ privacy labels openly contradicted their public privacy policies. Snapchat, TikTok, and Twitter state that “data is not shared with third parties”on the Play Store, but details the sharing of data with third parties in their privacy policies. For free apps, the list of recipients that received a “bad”rating is not very surprising: Facebook, Facebook Messenger, Facebook Lite, SnapChat, Twitter, and, surprisingly, Samsung Push Services. Many paid games, such as Minecraft, also fall into the “poor”list.

Mozilla says, “There is little evidence that Google is working diligently to ensure the accuracy of submissions, and this lack of control makes the quality of the information very poor in many cases.”Mozilla has prepared a list of several recommendations for Google if it wants to improve the situation, such as effectively penalizing the lie on the form and clearly telling users that Google is not reviewing any of these responses. Mozilla also wants Google and Apple to work together to standardize the design of app privacy labels across ecosystems. Just as a single nutritional label has a standard design for all products, Mozilla says that a privacy label should also have a single design.

Mozilla rates some Google apps, like Gmail, as “in need of improvement,”but there’s not enough forest behind the trees. The report doesn’t say it, but with Android, Google likes to use sleight of hand to focus the discussion on the idea of ​​”app privacy”while “OS privacy”- Google’s privacy – should be more important. anxiety. Google and your device manufacturer have system-level access to an OS that exists outside of the app security model, so they can do whatever they want on your phone, including collecting all your data.

Even if the app privacy labels were accurate, Android is a class of companies that don’t really need apps to clean up your data; instead, it could just use a million different system-level services. One such service, Google Play Services, has a blank app privacy screen! If it were accurate, it would be a mile long, but Google would presumably prefer that you don’t peek behind the scenes. The same “privileged permissions”model“also applies to pre-installed apps, which is one of the reasons Facebook works so hard to be pre-installed on most Android phones: the more permissions, the better the spying. It would be nice if the Play Store labels were accurate too, but no one wants to talk about the entire OS.