According to Mozilla, 80 percent of Google Play app security labels are inaccurate • The registry
The Mozilla Foundation has accused Google of wrongly labeling apps in the Play digital bazaar as “Data Secure” in 80 percent of cases – among the wrongly described software are TikTok, Facebook and Twitter.
“The data security labels of the Google Play Store make you believe that neither TikTok nor Twitter share your personal data with third parties,” says the Foundation’s report on the matter. “However, the apps’ privacy policies specifically state that they share user information with advertisers, ISPs, platforms, and many other types of companies.”
Mozilla’s privacy research team examined 40 apps (out of 2.7 million in the Play Store) and the accuracy of self-declaration data submitted by developers to Google’s data security form – to determine the advertising giant’s data security labels.
Mozilla staff found four out of five of the resulting ratings to be inaccurate, while 40 percent had significant discrepancies that should have given the apps a “Poor” rating for data security. Only 15 percent would have been rated “OK” if Mozillans had done the grading.
Apps that earned the researchers’ stamp of approval were: Stickman Legends Offline Games, Power Amp Full Version Unlocker, League of Stickman: 2020 Ninja, Google Play Games, Subway Surfers, and Candy Crush Saga.
Paid apps were mostly worse than non-paid apps. Half of the top 20 paid apps on Google Play were in the “poor” category, including Minecraft, Hitman Sniper and Geometry Dash. Six of the store’s top 20 free apps were rated “poor,” including Facebook, Messenger, Samsung Push Services, SnapChat, Facebook Lite, and Twitter.
Mozilla says a major flaw in the self-reporting system is that it doesn’t require developers to report when their apps share data with “service providers” — and uses a problematic definition of “service providers.” The system also uses narrow definitions of “data collection” and “sharing” that allow app developers to use loopholes to avoid negative labels. Data classified as “anonymous” are also exempt.
The researchers acknowledged that while Google’s data security form is flawed, it is at least a step toward a proper privacy statement for consumers. But Mozilla also wrote that Google and application developers “share the blame for failing to improve privacy transparency in the Google Play Store.”
“But the responsibilities are not the same,” Mozilla’s privacy team wrote. “As the owner of the Play Store, Google has an additional responsibility to ensure that bad actors cannot flourish at the expense of consumers, many of whom come from vulnerable groups such as young people.”
And, as Mozilla points out, Google, which has a profit motive, “has not devoted the necessary resources to combating the threat.”
Google unsurprisingly criticized the report.
“This report consolidates company-wide privacy policies designed to cover various products and services with unique data security labels that inform users about the data collected by each application,” a spokesperson said. The registration. “The arbitrary grades assigned to apps by the Mozilla Foundation do not measure the safety or accuracy of the labels, given their flawed methodology and lack of supporting information.” ®