The privacy labels of major Android apps like TikTok are misleading

Privacy “nutrition labels” designed to help you understand how an app handles your data may be empty calories, according to a new report from the Mozilla Foundation, which makes the Firefox web browser. The report found serious discrepancies between what apps in the Google Play Store, the Android app store, report about how data is shared and collected and what their terms of service or privacy policies say. Google’s privacy reporting tools went into effect in April 2022.
When comparing the top 20 paid and free apps in the Google Play Store (representing more than 150 billion installs), Mozilla researchers found that nearly 80 percent of them had discrepancies between their actual privacy policies and the information provided on Google’s data security form. The authors found that major apps such as Facebook, TikTok and Twitter were among the offenders.
The report did not take into account Apple’s app store, which promoted the use of privacy labels for app users.
“There’s not a lot of enforcement, so you’re just trusting companies to be honest when our research shows they’re not. And that’s one of the problems,” said Jen Caltrider, head of Mozilla’s *Privacy Not Included series, which aims to help protect consumer privacy and inspire action on the issue. “But companies being less truthful in their self-reports is not that shocking.”
What was shocking was that the reporting rules on Google’s data security form were lax, by Google’s own design.
The findings
The report looked at the privacy policies and data security labels of 40 apps, classifying them into three categories – ‘Poor’, ‘Needs Improvement’ or ‘Good’. Those rated “Poor” showed “significant differences” in how data is shared or collected and why. According to the report, about 80 percent of apps entered false or misleading data into Google’s data security form, including Minecraft, Twitter and Facebook, which received a “Poor” rating. Other popular apps like YouTube, TikTok, Google Maps, and Gmail have been rated as “Needs Improvement”.
The reasons for this are varied. Take Twitter for example. The company says it “shares personal data from users’ tweets with advertisers, third-party content and integrations, APIs and ‘partners’ that it claims help operate Twitter’s products and services,” the report said. But none of this is listed on Twitter’s Google privacy form.
Meanwhile, TikTok says on its privacy label that it doesn’t share data with third parties, but the company’s privacy policy lists a number of “third-party integration partners,” including companies like Facebook and Google.
Caltrider said one thing to keep in mind is that the problem is not just the companies’ self-disclosure failures, which aren’t surprising, but also Google’s wide loopholes, which create gray areas around things like “third parties”.
For example, Google’s form exempts apps from having to report when user data is transferred to a third party if “the transfer of data to a third party is prominently stated in the app and the app requests your consent in accordance with Google Play’s User Data Policy.”
For Caltrider, that’s not enough, given that few people read the privacy policy, and even fewer know what they’re consenting to when they sign up for any app. That is especially true for apps like Minecraft and TikTok, whose audiences are predominantly younger.
“Google also exempts the transmission of data to service providers,” said Caltrider. “Service providers are huge. If you read the privacy policy, you know that a lot of data is transferred to service providers for various reasons. Therefore, I believe that this, as well as the vaguely formulated specific legal goals, should be declared.”
Google also exempts fully anonymized data—though there are questions about whether data, especially location data, can ever be fully anonymized.
Although the report didn’t look at Apple’s App Store, Caltrider has the impression that it is not much better at accurately informing users about apps’ privacy policies, and is still confused about what exactly the labels are saying.
The Mozilla report recommends that Google and Apple develop a unified framework to address user privacy issues in apps. At this point, Caltrider is not willing to trust what you’re reading on the labels, which is worth keeping in mind given the comparisons to food nutrition labels, even if those have been proven effective for decades.
“I don’t trust any store’s labels,” Caltrider said. “I do my own research, partly because it’s my job. And I do research to help others so they don’t have to. They do not need to read the privacy policy. But in doing research, I realized that I don’t trust them; I go to the source. And it’s usually confusing even at the source. So unfortunately there is currently no good system for consumers to know what is going on.”
Thanks to Brett Zach for copying this article.