Most popular apps mislead consumers about the data they collect, study claims

Photo (c) Dimarik - Getty Images

Google is now making it easier to review your permissions

When was the last time you looked at what personal information and approvals you give the apps that you use on a regular basis? If free apps like Twitter, Facebook, Facebook Lite, and Snapchat – or paid apps like Minecraft or Grand Theft Auto: San Andreas – are in your app collection, you may want to take a second look. 

Why? Because in those apps’ privacy policies, you might find that you’ve given them the okay to share user information with advertisers, internet service providers, platforms, and numerous other types of companies. In short, it may be your information, but it could easily find its way elsewhere.

In a new study – “See No Evil: How Loopholes in the Google Play Store’s Data Safety Labels Leave Companies in the Clear and Consumers in the Dark,” –  Mozilla Foundation researchers pulled off their blinders to look at whether Google Play Store’s new data safety labels provide consumers with accurate information about apps that collect, use, and share personal data.

In an astonishing 80% of the apps reviewed, Mozilla found that what those app companies self-reported on Google’s Data Safety Form and what their policies actually say are two different things. 

Google is very upfront about how a person can control what information it shares with the company, but in the researchers’ opinion, the loopholes it found are “serious,” and said that Google absolves itself of the responsibility to verify whether the information is true by stating that apps “are responsible for making complete and accurate declarations” in their data safety labels.

The good, bad, and the “who, us?”

For the study, Mozilla compared privacy policies and labels of the 20 most popular paid apps and the 20 most popular free apps on the Google Play Store. Each label was then assigned a rating of “Poor,” “Needs Improvement,” or “Okay” depending on the extent of the discrepancies between what those app companies told Google and what was really going on. 

  • Poor: 16 out of 40 apps, or 40%, including Minecraft, Twitter, and Facebook.

  • Needs Improvement: 15 apps, or 37.5%, received a middle grade, including YouTube, Google Maps, Gmail, TikTok, WhatsApp Messenger, and Instagram.

  • Okay: Just six of the 40 apps, or 15%, received an “Okay” grade. These apps were:  Candy Crush Saga, Google Play Games, Subway Surfers, Stickman Legends Offline Games, Power Amp Full Version Unlocker, and League of Stickman: 2020 Ninja.

"Consumers care about privacy and want to make smart decisions when they download apps," said Jen Caltrider, Project Lead, Mozilla. "Google's Data Safety labels are supposed to help them do that. Unfortunately, they don't. Instead, I'm worried they do more harm than good.  

"When I see Data Safety labels stating that apps like Twitter or TikTok don't share data with third parties it makes me angry because it is completely untrue. Of course, Twitter and TikTok share data with third parties. Consumers deserve better. Google must do better."

Caltrider added: '"Google Play Store's misleading Data Safety labels give users a false sense of security. Honest nutrition labels help us eat better. It's time we have honest data safety labels to help us better protect our privacy."

What consumers can do to protect themselves

If any of this creeps you out, the first thing you should do is perform a basic review of the app’s permissions in your device’s settings and turn off what concerns you.

Caltrider explained it this way: “Does the weather app inexplicably want access to your camera and microphone? Does a game for kids need access to the camera and precise location? This level of intrusive access doesn't make much sense and would raise a potential red flag for a privacy researcher like myself.”

First, look at permissions 

Caltrider told ConsumerAffairs that looking at what permissions an app uses is a great way to gauge if you can trust the app at all and that concerned consumers should go to the Google Play App Store page, click on “About this App” and scroll all the way down to the bottom of that window to find out what other little surprises there might be.

“There, you will see a section called ‘Permissions’ -- click on ‘View Details’ and decide for yourself if you're comfortable with granting the app access to the data listed,” she said.

As luck would have it, Google’s new system software for Android phones has all security and privacy settings, including passwords, in one place (Settings > Security & privacy). When ConsumerAffairs reviewed the updates, it began with Alerts that, in our test, warned us that we had given an app background location access. With a single click, that devil was behind us. 

“These [privacy features] are most certainly not foolproof, but it never hurts to open up the privacy settings on your phone once a month and check through things to make sure you’re comfortable with all the location sharing and permissions you’ve granted the apps you have,” Caltrider said.

Take a breath and pore through the privacy policy, looking for two specific words. Caltrider noted that if you can suck up the boredom of reading privacy policies and look for the words “collect” or “sell,” you’ll get an even tighter bead on what personal info an app is trying to suck into its system. 

Delete, delete, delete! 

“My last bit of advice is to only keep apps on your phone that you absolutely need. Delete that real estate app after you buy your house. Delete that dating app after you find the love of your life. Don’t install that social media app if you can visit the site through your web browser instead,” she said.

“Clean up those apps because privacy policies change, security vulnerabilities happen, and it’s a pretty easy way to keep yourself a little bit safer.”

Take an Identity Theft Quiz. Get matched with an Authorized Partner.