Mozilla Foundation: Google Play’s privacy labels are false or misleading

In 2022, Google learned from Apple’s requirements that developers must add data privacy labels in Google Play for users to view when submitting their apps or games.

The labels include information on what data the app or game collects and which data is shared with third parties. Users can decide whether to continue downloading based on the labels.

The Mozilla Foundation, which focuses on privacy and security, released a research report on this feature and found that Google Play’s data privacy labels are actually worthless.

Why are they considered worthless? Because developers selectively add labels, omitting certain labels related to the data they collect.

According to the Mozilla Foundation’s evaluation, top developers who rank in the top 20 of Google Play’s free and paid rankings do not comply with Google’s rules. Only Google Play Games, Subway Surfers, and Candy Crush fully comply with the evaluation.

40% of the apps evaluated had significant discrepancies with the data labels added by the developers themselves, and 80% of the apps had slight differences between the data collected and the labels.

The worst performers were Facebook, Messenger, Samsung Push Services, Snapchat, Twitter, and FB Lite. Those that need improvement include YouTube, Chrome, Google Maps, Gmail, WhatsApp Messenger, Instagram, and TikTok.

UC Browser – Safe, Fast, Private; League of Stickman Acti; and Terraria did not add any data privacy labels, but it’s clear that these apps and games collect user data.

The Mozilla Foundation criticized Twitter and TikTok, both of which marked themselves in Google Play as not sharing data with third parties. However, both work with third-party advertising providers to push personalized ads, so they share data.

The Mozilla Foundation claimed that Google is deceiving users. The intention of adding data privacy labels was to allow users to check data collection before downloading. If users do not want their data collected and shared, they can choose not to download it.

Although Google provides this feature, it does not strictly review whether developers’ privacy policies and data privacy labels match. In other words, developers can mark anything they want.

This has resulted in a severe consequence: users believe that the data privacy labels are accurate, and they trust Google, but in reality, Google is only providing a false sense of security.

In the conclusion of the report, the Mozilla Foundation recommends that Google and Apple adopt a universal, standardized data privacy system instead of their own false labels. As platform operators, Google and Apple should also strictly review the disclosure details of applications. If there are false disclosures, they should be punished to set an example.