Developers Are Already Caught Lying To Users With Apple's App Privacy Labels
When Apple introduced privacy labels, it seemed to be a solid way to provide transparency for users to know what data is collected on their devices. This system relies on honesty from the app developers, but some developers crossed their fingers behind their back when they agreed to the privacy labels it seems. New research has shown that some apps had outright false or misleading labels that they present to users.
Recently, Washington Post tech columnist Geoffrey Fowler downloaded an app called “Satisfying Slime Generator,” which, as of writing, has a privacy label that states “developer does not collect any data from this app.” It seems that is not the case, though, as information is “covertly” sent to Facebook, Google, and other companies, as Fowler explains. Following this discovery, he spot-checked several dozen other apps and found that approximately a dozen or more were “misleading or flat-out inaccurate.” This included apps from social media app Rumble to the PBS Kids Video App and others in-between.
As Fowler points out, Apple has a little blurb on a popup window that states, “This information has not been verified by Apple.” Alongside that little blurb, Apple also offers a link to the developer’s privacy policy. In the case of “Satisfying Slime Generator,” it links to a Google Doc which lists some of the following things that are supposedly collected by the app:
- Device Information
- Unique Application Numbers
- Anonymous Identifiers
- IP address
- IDFAs/Advertising IDs
- Geo-location data
- Cookies
- User Activities (Movements or Actions in-app)
Ultimately, if privacy were paramount for Apple, we would see better privacy policy monitoring and fewer Google Docs privacy notices from developers. On the contrary, Apple is working to improve by eliminating IDFAs and making apps ask for permission to track users. In any case, it seems like a weird mashup of policies, and Apple needs to have one stance and one policy so loopholes and lying developers cannot sneak through the rules.