Google Play: 80% of their apps safety labels are wrong

The Mozilla Foundation has accused Google of falsely classifying apps as “Data Safe” in its Play digital marketplace as much as 80% of the time. Misclassified apps include TikTok, Facebook, and Twitter.

According to their research, Firefox assessed the top 20 paid and free apps, assigning them a “poor,” “needs improvement,” or “OK” rating. A “poor” score gave to 16 out of the 40 total apps, including Twitter, Facebook, and Minecraft. While “needs improvement” gave to 15 of them, including TikTok, YouTube, Google Maps, Gmail, WhatsApp, and Instagram. Just six apps, mostly mobile games like Candy Crush Saga and Subway Surfers, were given a “OK” rating. League of Stickman – Best Acti, Terraria, and UC Browser-Safe, Fast, Private weren’t even using the Google Data Safety Form.

Research

“Google Play Store’s Data Safety labeling would have you presume that neither TikTok nor Twitter share your personal data with third parties,” the Foundation found. Both apps’ privacy policies state that they share user data with platforms, advertising, ISPs, and other organizations.

Mozilla’s privacy-focused research team examined 40 apps from the Play store’s 2.7 million to evaluate Google’s data safety labels.

Four out of every five of the resulting ratings, according to Mozilla’s staff, were incorrect, and 40% of them had significant differences that should have given the apps a “Bad” grade for data security. Had Mozillans graded the students, only 15% would have gotten a “OK” mark.

The researchers approved Stickman Legends Offline Games, Power Amp Full Version Unlocker, League of Stickman: 2020 Ninja, Google Play Games, Subway Surfers, and Candy Crush Saga.

Google Play Free Apps

Most of the time, paid apps were inferior to free apps. The majority of the top 20 paid apps on Google Play, such as Minecraft, Geometry Dash, were rated as “OK.” The top 20 free apps in the marketplace, including Facebook, Messenger, Samsung Push Services, SnapChat, Facebook Lite, and Twitter, all received a “bad” rating.

Mozilla claims that self-reporting fails because it does not force developers to report data sharing with “service providers” and utilizes an inaccurate definition of the term. Nevertheless, narrow definitions of “collecting” and “sharing” data allow app makers to avoid sanctions. The use of “anonymous” data is likewise prohibited.

Customers’ Privacy

“Consumers are concerned with privacy and want to download apps wisely. The goal of Google’s Data Safety labels is to assist users in accomplishing this, according to Firefox project manager Jen Caltrider. They unfortunately don’t. I’m concerned that they actually cause more harm than benefit.

Notwithstanding its faults, Google’s Data Safety form improves user privacy disclosures, according to the researchers. Google and app developers “share the burden for the failure to improve data privacy transparency in Google’s Play store,” according to Mozilla.

The Firefox privacy team said, “Yet the duties of each are not the same. “As the Play store owner, Google has an additional duty to prevent criminal actors from prospering at the expense of consumers, many of whom are vulnerable, particularly young people.”

However, Google, which has a commercial motivation, “has not committed the resources necessary to tackle the threat,” Mozilla adds.

Google Play has criticized the story

“This study conflates particular Data Safety labels. Inform consumers about the data an app collects, including company-wide privacy guidelines covering a variety of goods and services”. Mozilla Foundation’s poor approach and lack of supporting data make app ratings unreliable for labelling safety or accuracy.

There are supposedly “severe vulnerabilities” in the data safety labels on the Google Play Store. Let Twitter, TikTok, and Facebook to misrepresent data sharing. The Mozilla Foundation studied the Google Play Store’s top 40 Android apps by global downloads. About 80% had privacy policies different from the store’s data safety section.

Conclusions

Last year, Google released its Play Store data privacy section. It was the sole obligation of developers to submit “full and accurate disclosures” for the data. Due to flaws in the safety form’s honor-based system, such as ambiguous definitions for “collection” and “sharing,”. They claim self-reported privacy labels may not fully reflect user data collection because apps do not require to record data sharing with “service providers.”