Mozilla Study Slams Google Play Store False And Misleading Data Privacy Labels
The study, "See No Evil: How Loopholes in the Google Play Store's Data Safety Labels Leave Companies in the Clear and Consumers in the Dark," has revealed some loopholes in Google's Data Safety form, making it easy for apps to provide information that misleads users. Two examples are Tik Tok and Twitter stating neither shares a user's personal data with third parties, however, both unequivocally state that user information is shared with advertisers, internet service providers, platforms, and numerous other types of companies.
Mozilla's latest research looked into Google's new data transparency system, aka Play Store's Data Safety Form. The privacy-focused research group examined 40 apps and how accurately the developers' self-reported information was submitted. The report stated four out of five of the resulting ratings were inaccurate, with 40 percent having major discrepancies which should have had a "Poor" rating for data safety.
One of the more glaring flaws with the self-reporting procedure is that Google does not require developers to report their apps sharing data with "service providers," as it uses an ambiguous definition of what a "service provider" is. Google also uses narrow definitions for data "collection" and "sharing" that allow app developers to avoid a negative label.
A Google spokesperson replied to the report from Mozilla in an interview with The Register, stating, "This report conflates company-wide privacy policies that are meant to cover a variety of products and services with individual Data Safety labels, which inform users about the data that a specific app collects." They went on to say, "The arbitrary grades Mozilla Foundation assigned to apps are not a helpful measure of the safety or accuracy of labels given the flawed methodology and lack of substantiating information."
The researchers stated that while the form was flawed, it is at least a step in the right direction at providing proper privacy disclosures for consumers. However, Mozilla researchers pointed out that Google and app developers "share the blame for the failure to improve data privacy transparency in Google's Play store."
The Mozilla Foundation researchers went on to say that the responsibilities of each are not the same. The privacy team added, "Google has an additional responsibility as the host of the Play store to ensure that bad actors aren't permitted to flourish at the expense of the consumer, many of whom are from vulnerable populations, like young people."