Mozilla Study Slams Google Play Store False And Misleading Data Privacy Labels

The Mozilla Foundation has released a study into Google Play Store's Data Safety labels that found nearly 80 percent of the apps reviewed were false or misleading. Apps such as TikTok, Twitter, and Facebook are listed among those that are misleading its users.

The study, "See No Evil: How Loopholes in the Google Play Store's Data Safety Labels Leave Companies in the Clear and Consumers in the Dark," has revealed some loopholes in Google's Data Safety form, making it easy for apps to provide information that misleads users. Two examples are Tik Tok and Twitter stating neither shares a user's personal data with third parties, however, both unequivocally state that user information is shared with advertisers, internet service providers, platforms, and numerous other types of companies.

The Executive Summary of the study likened its research to that of labels on packaged food, saying, "food labeling wasn't always so trustworthy." It was not until the U.S. Supreme Court decided to crack down on how companies listed items on labels in 1973, and the U.S. Food and Drug Administration introduced its standardized "Nutrition Facts" label in 1990 that consumers could actually trust what companies stated on food labeling.

Mozilla's latest research looked into Google's new data transparency system, aka Play Store's Data Safety Form. The privacy-focused research group examined 40 apps and how accurately the developers' self-reported information was submitted. The report stated four out of five of the resulting ratings were inaccurate, with 40 percent having major discrepancies which should have had a "Poor" rating for data safety.

One of the more glaring flaws with the self-reporting procedure is that Google does not require developers to report their apps sharing data with "service providers," as it uses an ambiguous definition of what a "service provider" is. Google also uses narrow definitions for data "collection" and "sharing" that allow app developers to avoid a negative label.

It seems paid apps fared worse than free apps, with half of Google Play's top 20 paid apps being placed in the "poor" category by the researchers. Those included Minecraft, Hitman Sniper, and Geometry Dash. When it came to free apps, six of the top 20 were rated as "poor," including Facebook, SnapChat, and Twitter.

A Google spokesperson replied to the report from Mozilla in an interview with The Register, stating, "This report conflates company-wide privacy policies that are meant to cover a variety of products and services with individual Data Safety labels, which inform users about the data that a specific app collects." They went on to say, "The arbitrary grades Mozilla Foundation assigned to apps are not a helpful measure of the safety or accuracy of labels given the flawed methodology and lack of substantiating information."

The researchers stated that while the form was flawed, it is at least a step in the right direction at providing proper privacy disclosures for consumers. However, Mozilla researchers pointed out that Google and app developers "share the blame for the failure to improve data privacy transparency in Google's Play store."

The Mozilla Foundation researchers went on to say that the responsibilities of each are not the same. The privacy team added, "Google has an additional responsibility as the host of the Play store to ensure that bad actors aren't permitted to flourish at the expense of the consumer, many of whom are from vulnerable populations, like young people."