Android apps get data security stickers. This is what they tell you

Placeholder while loading article actions

Can you ask the app to delete all the data on it?

It used to be that figuring out the exact answer required a decent amount of research, but Google is trying to make it easier to find the things that app makers do with our data.

The company says Android apps that you can download in the Google Play Store for it They’re starting to reveal how they handle our data from the types they collect to how it’s used, to the reasons why it might be shared with third parties. Among other things, these new “Data Security” sections require developers to tell people who are considering downloading their apps if they can request that their data be deleted.

Fortunately, these types of data usage disclosures have become more and more common over the past few years. Google first announced its plans to push for greater data transparency within the Play Store in May 2021, long after similar privacy-focused “feed labels” began making their way to the Apple App Store. But while Big Tech has made progress unpacking the ways our apps try to understand us, privacy researchers aren’t convinced they’ve done enough yet.

“I’ve been an advocate of privacy labels for 20 years,” said Laurie Cranor, director of the CyLab Institute for Security and Privacy at Carnegie Mellon University. “And I was hoping we could do a better job.”

It will likely be a few weeks before most people start seeing these data security labels, and it will take longer before it becomes impossible to miss them. In the meantime, here’s what you should know about Google’s Android app data security disclosures.

What do app makers have to tell me?

Dedicate a little. Here’s a quick (and non-exhaustive) breakdown of what developers should disclose by July 20th:

  • Whether the apps collect any data.
  • The types of data collected — think your name, email address, location, and more — along with why it’s needed.
  • Whether any of this data is shared with third parties.
  • Whether any of the data that leaves your phone is encrypted during the transfer.
  • Whether you can request the deletion of your data.
  • Whether you can opt out of data collection entirely.

App makers can also tell users if their software has been independently validated for security or if it complies with Google’s stricter design policies for families and children, but unlike all of the above, these are completely optional.

Among the types of information that Google has asked developers to unpack for potential app users, Cranor said the company “seems to be more inclusive in talking about security and safety in general, not just about privacy” as Apple’s app labels do. However, she says she believes there are ways to make such disclosures more readable – and more useful – for non-technical people.

“Most of us want privacy, but we don’t want to spend every waking moment thinking about privacy,” she said.

her suggestions? A direct privacy score derived from the information disclosed in the label can help people make more informed decisions about downloading, as with a tool that allows people to compare privacy information for two apps side by side. “I want not only the app with lots of stars and good reviews, but the app with better privacy,” she added.

When will I start seeing them?

In theory, you can see it now – as long as you’re using a device running Android 5.0 or later. (This probably won’t be a problem for you unless your Android phone is more than seven to eight years old.)

However, it may still be a few weeks before you see these disclosures before you download a new app. Google had originally planned to make it mandatory by the end of last month, but pushed that deadline back to July 20 in part because app makers wanted more time to comply.

Although the company said in its announcement that users will start seeing data security failures at the end of April, we haven’t found any of us yet. None of the top 40 free Android apps available had a data release when we checked on May 4, nor did it include many popular apps made by Google itself. (This includes YouTube, Google Photos, Gmail, Google Fit, Chrome web browser, Gboard keyboard app, and more.)

As it turns out, we weren’t the only ones who had trouble finding these data usage detections.

“Developers fill out forms. I just looked this morning, and I asked all of my students,” Cranor said when we spoke earlier this week. “No one has found any evidence of actual labels.” So far, there aren’t any members of a larger group of researchers. And students in privacy at CMU you emailed after our conversation.

Google spokesperson Scott Westover suggested in an email that it was just an oddity in the way the company is putting out these disclosures to users and that our devices simply “may not be able to see the sections yet.”

Have you found one of these data integrity revelations in the wild? Let the help desk know.

Do all app makers have to disclose this information?

Yeah. Some Google articles on this topic sometimes use poor language, but all Android apps should have a data security section in their Play Store listing by the deadline.

If a person or company that created an app decides that they don’t want to share this type of information, they won’t be allowed to publish updated versions of their apps. Google’s Westover also says that data integrity disclosures with “unresolved issues” can be removed from the Play Store entirely, as well as apps that “intentionally contain false or misleading information”.

But that doesn’t mean that every Android app you’ll find in the Google Play Store will proudly introduce these data security bugs. Old apps that haven’t been updated—perhaps because they’ve been abandoned, or because their creators think they’re complete works that don’t need updates—may continue to exist for a while without them. This lack of data disclosure doesn’t necessarily mean you shouldn’t install these apps; You just have to be very careful while using it.

I reviewed the new “feed labels” for Apple privacy. Much was wrong.

Does anyone check to see if these disclosures are accurate?

This is the big question, and for good reason.

Shortly after Apple announced the release of privacy stickers on its App Store, our personal tech columnist Geoffrey A. Fowler found instances of apps publicly misrepresenting the amount of data they collected. The biggest offenders, who have so far eluded them, have been caught sending traceable bits of information to third parties such as Facebook and Google despite claiming that the data was not “collected” at all.

A Google spokesperson Westover said that “only developers have all the information needed” to accurately answer questions required by these disclosures, but added that the company “runs a number of checks on an app.” Data Integrity Department” for the sake of accuracy. (However, the company will not explain the nature of these checks.)

This may be true, but it is very similar to what Apple said when we did it It caught some apps that failed to deliver on their privacy promises.

Right now, it’s hard to say if the developers are being as honest as they should be with these disclosures because so few apps seem to actually have them. As these data failures become more common, we’ll start digging through them ourselves to see which app makers are playing by the rules and which are the least honest.

Leave a Comment

Your email address will not be published.