Mozilla: Top Android apps exploit privacy loopholes
Mozilla claims that top Android applications, such as Facebook, Minecraft, TikTok or Twitter exploit privacy loopholes on Google Play. The organization analyzed 40 of the most popular applications on Android in its See No Evil: Loopholes in its Google’s Data Safety Labels Keep Companies in the Clear and Consumers in the Dark study.
Google launched a new data transparency system on Google Play last year, which makes it mandatory for developers and organizations to reveal information about data collecting and sharing, as well as key privacy and security practices. While it is mandatory for developers to fill out the information, the information they provide is not verified by Google.
Mozilla decided to analyze the Data Safety Form of 40 of the Play Store's most popular apps and games to find out if the information that the creators of these apps provide match their privacy policies.
Mozilla's two key questions were:
- Is Google’s Data Safety Form effective at enhancing privacy transparency among apps in the Google Play Store?
- How accurately did app publishers in Google’s Play Store fill out Google’s Data Safety Form?
Applications and games analyzed include Twitter, TikTok, Minecraft, Facebook, SnapChat, Gmail, Google Maps, or UC Browser.
According to Mozilla's study, discrepancies between "the apps' privacy policies and the information they reported on Google's Data Safety Form" were found in almost 80% of the analyzed apps.
Mozilla graded apps according to these discrepancies. 16 of the 40 apps received a poor rating, which Mozilla reserved for "major discrepancies". Ana additional 15 apps received the "needs improvement" rating. Only 6 apps received the OK grade. The remaining three apps did not receive a rating, as they had not filled out the Google Data Safety Form.
Twitter, Minecraft, Facebook, SnapChat, and Facebook Messenger are among the apps that received the poor rating. Several Google apps, including Google Chrome, Gmail and YouTube, and apps like Instagram, WhatsApp Messenger and Spotify, received a "needs improvement" rating.
To receive a poor rating, the privacy policy and Data Safety Form information needed to have low similarity and terms used in both reports needed to differ widely "in terms of collected data types, data sharing, and their relevant purposes".
Mozilla identified two main issues with the current system. First, that Google's Data Safety Form includes "complicated terminology and definitions" that allow exploitation of the system, and second, that the information that developers provide is self-reported and not verified by Google.
Google's Data Safety Form has major shortcomings, according to Mozilla. These include potential loopholes, for example, that data sharing with "service providers" does not need to be mentioned, or that "anonymized data" does not need to be disclosed either.
Google dismissed the study, according to a statement published by TechCrunch. The study "conflates company-wide privacy policies that are meant to cover a variety of products and services with individual Data safety labels, which inform users about the data that a specific app collects", said Google.
Mozilla's study is not the only one that raises privacy questions. Earlier this month, a Comparitech study identified privacy issues in children's apps.
This is hardly a surprise at all that these companies and many more have always been spying on its users and violating their rights.
Ever see the amount of the unnecessary trash people strip out of these apps before? It’s a laundry list of rubbish and even then it is only scratching the surface.
These companies pretend to care but really they are amongst the worst offenders. Apple is absolutely no better.
The worlds most systematic data thief and master of censoring is commanding others to behave and be transparent. haha…
Commanding to pretend to be good little children given the babies’ infancy is not verified :
1- “Google launched a new data transparency system on Google Play last year, which makes it mandatory for developers and organizations to reveal information about data collecting and sharing, as well as key privacy and security practices.”
2- “While it is mandatory for developers to fill out the information, the information they provide is not verified by Google.”
Double your pleasure and double your fun with Double Goog, Double Goog, Double Goog Scum.(1)
(1) An old ad for Double Mint Gum …
Googles censored search engine and their tracking browser chrome?
Does he know?
do these findings include the aurora store downloaded apps or google play specifically
@ anonymous, aurora store’s primary function is to provide access to the Google Play store without having a Google account. It has no effect on any of the actual apps. If they’re spyware on GP, they’ll be just as much spyware when installed through the Aurora Store.
Bypassing needing a Gmail account on Android is the absolute single most important thing to do to on your phone to preserve anything even approaching privacy on anything Google, as they link all you do, and where you do it, through your Google account.