Facebook, Twitter, Minecraft report inconsistent policies in Google Play about how they use your data, study finds

Rebecca Klar
·5 min read

The majority of the most downloaded apps from Google Play Store have provided inconsistent answers about how safe user data is on their platforms, according to a report released by Mozilla on Thursday.

Mozilla, the not-for-profit organization behind the Firefox browser, looked at the 20 most popular paid and free apps in the Google Play app store for its report.

It found that nearly 80 percent of the 40 apps reviewed had “some discrepancies” between the app’s privacy policies and the information the app reported on Google’s data safety form.

That form requires that apps declare how they collect and handle user data for apps available in the Google Play Store. The report then ranked those 40 apps on how transparently they disclosed their use of personal data.

Mozilla said that the problems with Google’s plan to have apps self-report information is two-fold.

On one hand, the apps are not self-reporting “accurately enough to give the public any meaningful reassurance” about their data privacy.

On the other, Google isn’t doing enough to ensure the information provided in the form is accurate and informative for consumers, according to a copy of the report.

“The result is that consumers who want to protect their privacy and trust the information on Google’s Data Safety Form are being misled, leading them to believe these apps are doing a better job protecting their privacy than they are,” the report stated.

Developers are using ‘the honor system’ to report how safe user data is

Google required all developers as of July to disclose how they handle and collect data for the apps published on the Play Store.

A key issue identified in the Mozilla report is that the form relies “mostly on the honor system of self-reporting.”

App developers fill the form in without participation or intervention from Google, and there is “little evidence” that Google is working to ensure the accuracy of the submissions, according to the report.

Google spokesperson Danielle Cohen said in a statement the report “conflates company-wide privacy policies that are meant to cover a variety of products and services with individual Data safety labels, which inform users about the data that a specific app collects.”

Cohen also slammed the “arbitrary grades” Mozilla assigned to apps, saying it is “not a helpful measure of the safety or accuracy of labels given the flawed methodology and lack of substantiating information.”

According to Google responses included in the report by Mozilla, the company said developers “alone are responsible for making complete and accurate Data safety section disclosures for their app.”

If a developer provides inaccurate information in violation of the policy, Google said it would require it to correct the issue to comply. Failure to comply means developers can’t publish a new app or update.

Which apps reported the most inconsistencies about data safety policies to Google’s Play Store?

Lydia Winters shows off Microsoft’s Minecraft built specifically for HoloLens. (AP Photo/Damian Dovarganes, File)

According to the report, roughly half of the most downloaded paid apps in the Play Store have low similarity between what is reported on the data safety form and their own privacy policies.

The most popular free apps fared a bit better, with six out of 20 being labeled as having low similarity and the majority being identified as having some similarity, according to the report.

For example, Minecraft, one of the most popular of the top 20 paid apps, received a “poor” ranking from Mozilla in the report.

The app’s privacy policy, which links to a generic policy by parent company Microsoft, explains how it collects and uses consumers’ purchase history data, but that is omitted from Minecraft’s data safety form, the report stated.

Facebook and Messenger, both owned by parent company Meta, were among apps that received a “poor” ranking for having low similarity between their policies and the data safety form.

WhatsApp and Instagram, also owned by Meta, were each identified as an app that “needs improvement.”

Twitter was ranked as “poor.” The platform’s privacy policy states it shares personal data from users’ tweets with advertisers and third-party content and integrations, but the platform does not report that on its Google data safety form, according to the report.

The increasingly popular video sharing app TikTok was ranked as “needs improvement.” TikTok’s data safety form said it doesn’t share data with third parties, but its privacy policy provides a list of third parties that it does share data with, according to the report.

A spokesperson for Meta declined to comment. Spokespeople for Minecraft, TikTok and Twitter did not respond to a request for comment from The Hill.

Here’s what the study recommends for keeping your data safe

Mozilla’s report recommends the industry adopt a universal standard app disclosure form, akin to a nutrition facts label, rather than the “piecemeal effort” from developers and dominant app stores run by Google and Apple.

If apps are found to reveal major discrepancies, the platform owners should remove the app from their stores and sites, the report recommends.

The report’s recommendations also include calling for platforms to require apps to have specific privacy policies dedicated to the mobile app available for download in their stores, and to use clearer language disclosing their responsibility and limitations.

For the latest news, weather, sports, and streaming video, head to The Hill.