Data Privacy Labels for Most Top Apps in Google Play Store are False or Misleading, Mozilla Study Finds

Mozilla researchers find discrepancies between Google Play Store's Data Safety labels and privacy policies of nearly 80 percent of the reviewed apps. From the report: Google Play Store's Data Safety labels would have you believe that neither TikTok nor Twitter share your personal data with third parties. The apps' privacy policies, however, both explicitly state that they share user information with advertisers, Internet service providers, platforms, and numerous other types of companies. These are two of the most egregious examples uncovered by Mozilla's *Privacy Not Included researchers as part of a study looking at whether Google Play Store's new Data Safety labels provide consumers with accurate information about apps collect, use, and share personal data. In nearly 80 percent of the apps reviewed, Mozilla found that the labels were false or misleading based on discrepancies between the apps' privacy policies and the information apps self-reported on Google's Data Safety Form. Researchers concluded that the system fails to help consumers make more informed choices about their privacy before purchasing or downloading one of the store's 2.7 million apps.

The study -- 'See No Evil: How Loopholes in the Google Play Store's Data Safety Labels Leave Companies in the Clear and Consumers in the Dark,' -- uncovers serious loopholes in the Data Safety Form, which make it easy for apps to provide false or misleading information. For example, Google exempts apps sharing data with 'service providers' from its disclosure requirements, which is problematic due to both the narrow definition it uses for service providers and the large amount of consumer data involved. Google absolves itself of the responsibility to verify whether the information is true stating that apps 'are responsible for making complete and accurate declarations' in their Data Safety labels. In a statement Google said: 'This report conflates company-wide privacy policies that are meant to cover a variety of products and services with individual Data safety labels, which inform users about the data that a specific app collects. The arbitrary grades Mozilla Foundation assigned to apps are not a helpful measure of the safety or accuracy of labels given the flawed methodology and lack of substantiating information.'

Read more of this story at Slashdot.