Android Google Privacy

14% of Android App Privacy Policies Contain Contradictions About Data Collection (zdnet.com) 30

A large number of Android mobile apps listed on the official Google Play Store contain self-contradictory language in their privacy policies in regards to data collection practices. From a report: In an academic study published last year, researchers created a tool named PolicyLint that analyzed the language used in the privacy policies of 11,430 Play Store apps. They found that 14.2% (1,618 apps) contained a privacy policy with logical contradicting statements about data collection. Examples include privacy policies that stated in one section that they do not collect personal data, only to contradict themselves in subsequent sections, where they state they collect emails or customer names -- which are clearly personally-identifiable information. While the research team could not determine the app maker's intent in using contradicting statements in their privacy policy, researchers feel the primary purpose was to mislead users if they ever took the time to read the policies.
  • by Anonymous Coward
    What gives /.? All of the stories lately have no credit given whomever submitted via Firehose.
  • by reanjr ( 588767 ) on Tuesday January 21, 2020 @01:55PM (#59641576) Homepage

    This is like when you change code in one module, but forget about the related changes in other modules. This is not intended to confuse or mislead. It's just that these policies change over time. So they get their bottom barrel legal guy to write a new clause to CYA when they start sharing your email, but they don't give him the time to go over the whole EULA. They just add in the new clause.

    Do not ascribe to malice that which can be suitably explained by incompetence.

    • by sinij ( 911942 )
      I think track record on pervasive data collection is sufficiently clear and persistent to attribute it to malice.
    • This is like when you change code in one module, but forget about the related changes in other modules. This is not intended to confuse or mislead. It's just that these policies change over time. So they get their bottom barrel legal guy to write a new clause to CYA when they start sharing your email, but they don't give him the time to go over the whole EULA. They just add in the new clause.

      Do not ascribe to malice that which can be suitably explained by incompetence.

      Sorry, but incompetence shouldn't be allowed as an excuse any more than malice here. That "bottom barrel legal guy" is still a trained lawyer responsible for editing a legally binding document, so let's stop pretending the budget only allocates for a 10th-grader who was allowed to tweet EULA edits.

      A competent legal team should have spoken up to state they needed more time to do their job right. A competent management team would have understood and respected that. Instead, this smacks of corporate arroganc

      • by Anonymous Coward

        Not really:

        1: Most people don't care about privacy, so they will download that fleshlight app which demands every single privilege including GPS.

        2: Android's permission model is not really granular, so by allowing one thing, you allow a bunch of other stuff like bluetooth beacons and stuff like that.

        3: Privacy laws are a joke. Even Europe hasn't bothered enforcing the GDPR other than harassing Google, so it shows the GDPR is there mainly as a weapon for a trade war, as opposed to actual privacy protecti

  • by 110010001000 ( 697113 ) on Tuesday January 21, 2020 @02:08PM (#59641618) Homepage Journal

    ...you have no idea what they are collecting. This is closed source software. A "policy" isn't just some words that the app developer threw together by borrowing from other "policies". The software could be following the policy, or not following the policy, or transmitting all your data to Chinese trolls in Russia. Use open or free software or you are stuck with whatever the developer wants your device to do.

  • Android is a cesspool, and until Google changes its permissions rules, it will remain a Cesspool.
    • What permissions rules?

      At least Android has an ask by use case, which iOS has, and it has changed from an accept everything and install, or decline model.

      I wish xPrivacy were still around. This was a utility that would happily hand apps asking for a bunch of permissions fake data, be it GPS locations, bogus contacts, bogus songs, a black screen on the camera, static on the microphone, and so on. If an app wanted access to the SD card, it could be presented with a subdirectory, so if it went rogue and tras

  • Unless there is a means of checking on adherence, and a legal penalty for violating a policy, the policy is just words on paper and without meaning.

  • 1. You have none
    2. We will collect every bit of data we possibly can.
    2a. We will not secure said data
    2ai. You have no rights in case of data breach
    3. We will sell this data to anyone who pays the most.
  • Since when is 14% a large proportion?

    • It depends on context and what is desired or acceptable. For example, would you like to be shielded from all but 14% of a nuclear blast or a much lower number?
      That's 1618 apps. So, apparently some feel that 14% is not a low enough number. I would like to see something much closer to 0%.

  • A lot of this will be lazy copy pasta, being rubbish and adding stuff without checking what needs to be changed.

    There is however a more serious point which is the definition of personal isn't always fixed.

    In data protection however, it's typically assumed any information might be sensitive if identifiable. Data protection acts tend to simply consider something as personal if you can associate it to a specific person.

    There are layers to data protection that might however make things more complex. In
  • by ILongForDarkness ( 1134931 ) on Tuesday January 21, 2020 @03:32PM (#59641982)

    IMO most companies use the data for a few fairly consistent buckets. Login/auth/password recovery, cross site tracking, location tracking to refine results (and ads), selling data to advertisers. Selling data to government bodies. Maybe a few more.

    Anyways would be great if a few flavors of data usage policies could be agreed upon and users could then get familiar with them enough to make reasoned choices. Sorry Bill I won't download that app you recommended me because it's ScrewMeAndHow 3.0 licensed instead of We'llBeGentile 2.1 or better.

  • by Aristos Mazer ( 181252 ) on Tuesday January 21, 2020 @06:34PM (#59642618)
    It's fine to carry contradictions. All those policies also say that the company reserves the right to change the policy at their own discretion. Since they aren't a binding promise from the company to their customers, the policies are meaningless. Even well-meaning companies end up being bought, and then someone says, "Hey, to make back our investment, let's monetize this customer data. Quick! Change the privacy policy!"

    If the policy doesn't say "This policy can only be changed with your positive approval." then it might as well say, "We share with whatever and whomever we want."
  • by AHuxley ( 892839 )
    have to ad. Why is this news? Using ad tech gets you ads that work as ads....
