In a check of the top 20 paid and free apps in the Play Store, Mozilla finds that Google-mandated privacy labels often don’t match the privacy policies of the companies behind them.
The “Data safety” labels in the Play Store listings for many Android apps may themselves need a warning label, according to a new study from Mozilla.
The non-profit organization behind the Firefox browser checked the Google-mandated labels for the top 20 free and paid Android apps and found that most of the disclosures about data collection, usage, and sharing didn’t match the descriptions in the apps‘ privacy policies.
“Overall, there were so many significant discrepancies between the apps’ own privacy policies and the information they revealed on Google’s Data Safety form that we’ve concluded the apps aren’t self-reporting accurately enough to give the public any meaningful reassurance about the safety and privacy of their data,” the report says. “Further, Google isn’t doing enough to ensure the information provided in their Data Safety Form is accurate and informative for consumers.”
Among the top 20 paid apps during the research period—Sept. 11 to Nov. 5, 2022—10 earned a grade of “Poor,” meaning a wide gap between the safety label and the developer’s privacy policy.
For example, the report flunks Minecraft both for linking only to the overall privacy policy of its corporate parent Microsoft and for then claiming no data sharing in its safety label when the Microsoft policy allows that in some circumstances. The other titles judged as “Poor”: Hitman Sniper, Geometry Dash, Evertale, True Skate, Live or Die: Survival Pro, Grand Theft Auto: San Andreas, The Room Two, Need for Speed: Most Wanted, and Nova Launcher Prime.
Five paid apps—Shadow of Death: Dark Night, Bloons TD 6, The Room, Modern Combat 4: Zero Hour, and Monument Valley—got a “Needs Improvement” grade, meaning their labels had “some degree” of overlap with developer privacy policies.
