Skip to main content

Mozilla study lambasts Google over ‘misleading’ privacy labels on top Android apps

Mozilla study lambasts Google over ‘misleading’ privacy labels on top Android apps


Mozilla discovered privacy disclosure discrepancies for apps like TikTok, Twitter, and Facebook following investigation into Google Play Store data safety labels.

Share this story

If you buy something from a Verge link, Vox Media may earn a commission. See our ethics statement.

Social Media Photo Illustrations
Eighty percent of the 40 most downloaded Android apps were found to have discrepancies between their actual privacy policies and the information listed on Google Play’s data safety section.
Photo: STR/NurPhoto via Getty Images

An investigation into data safety labels on the Google Play Store has allegedly uncovered “serious loopholes” that allow apps like Twitter, TikTok, and Facebook to easily provide false or misleading information regarding how user data is shared. The study, conducted by the Mozilla Foundation, identified 40 of the most globally downloaded Android apps on the Google Play Store and discovered almost 80 percent had discrepancies between their privacy policies and the information listed on Google Play’s data safety section.

Google launched its data privacy section for the Play Store last year, noting that developers had sole responsibility to provide “complete and accurate declarations” for the information collected by their apps by filling out a Google data safety form. Mozilla argues that these self-reported privacy labels may not accurately reflect what user data is actually being collected due to shortcomings in the safety form’s honor-based system, such as having vague definitions for “collection” and “sharing” and failing to require apps to report data shared with “service providers.”

Mozilla studied the top 20 free apps and top 20 paid apps and then graded them with a score of “poor,” “needs improvement,” or “OK” based on its findings. Sixteen of the 40 total apps, including Twitter, Minecraft, and Facebook, received a “poor” grade, while 15 apps — including TikTok, YouTube, Google Maps, Gmail, WhatsApp, and Instagram — achieved “needs improvement.” Just six apps received an “OK” grade, most of which were mobile games such as Candy Crush Saga and Subway Surfers. Three apps — UC Browser-Safe, Fast, Private; League of Stickman - Best acti; and Terraria — hadn’t even filled out the Google Data Safety Form.

Grading table for top 20 paid apps

PoorNeeds ImprovementOKNot Graded
MinecraftShadow of Death: Dark KnightStickman Legends Offline GamesLeague of Stickman - Best acti
Hitman SniperBloons TD 6Poweramp Full Version UnlockerTerraria
Geometry DashThe RoomLeague of Stickman 2020- Ninja-
EvertaleModern Combat 4: Zero Hour--
True SkateMonument Valley--
Live or Die: Survival Pro---
Grand Theft Auto: San Andreas---
The Room Two---
Need for Speed: Most Wanted---
Nova Launcher Prime--

Mozilla’s grading for the top 20 paid Android apps on Google Play.

“Consumers care about privacy and want to make smart decisions when they download apps. Google’s Data Safety labels are supposed to help them do that,” says Jen Caltrider, project lead at Mozilla. “Unfortunately, they don’t. Instead, I’m worried they do more harm than good.”

Grading table for top 20 free apps

PoorNeeds ImprovementOKNot Graded
FacebookYouTubeGoogle Play GamesUC Browser-Safe, Fast, Private
MessengerGoogle Chrome: Fast SecureSubway Surfers-
Samsung Push ServicesGoogle MapsCandy Crush Saga-
Facebook LiteWhatsApp Messenger--
-Free Fire--
-Truecaller: Caller ID & Block-

Mozilla’s grading for the top 20 free Android apps on Google Play.

In one example within the report, Mozilla highlights that TikTok and Twitter both claim to not share any data with third parties in their Data Safety Forms, despite clearly stating that data is, in fact, shared with third parties in their respective privacy policies. “When I see Data Safety labels stating that apps like Twitter or TikTok don’t share data with third parties it makes me angry because it is completely untrue. Of course, Twitter and TikTok share data with third parties,” says Caltrider. “Consumers deserve better. Google must do better.”

Google has since issued a statement dismissing the study (seen via TechCrunch), claiming that Mozilla’s grading system is inefficient. “This report conflates company-wide privacy policies that are meant to cover a variety of products and services with individual Data safety labels, which inform users about the data that a specific app collects,” says a Google spokesperson. “The arbitrary grades Mozilla Foundation assigned to apps are not a helpful measure of the safety or accuracy of labels given the flawed methodology and lack of substantiating information.”

Two mobile phones. On the left, the display shows the TikTok app on the Google Play store claiming to not share data with third parties. On the right, TikTok’s privacy policy instead does disclose that it shares data with third parties.


Both TikTok and Twitter incorrectly claim on their Google Play listings that the app doesn’t share data with third parties.
Image: Mozilla

Apple has also been criticized for its own developer-submitted privacy labels, with a 2021 report from The Washington Post finding that many iOS apps similarly provided misleading information, with some of the apps falsely reporting that they didn’t collect, share, or track user data.

Mozilla suggests that both Apple and Google should adopt a universal standardized data privacy system across their platforms to address these concerns and recommends that large tech companies take greater responsibility and enforce action against apps that fail to provide accurate information regarding data sharing. “Google Play Store’s misleading Data Safety labels give users a false sense of security,” says Caltrider. “It’s time we have honest data safety labels to help us better protect our privacy.”