14% of Android App Privacy Policies Contain Contradictions About Data Collection (zdnet.com)
A large number of Android mobile apps listed on the official Google Play Store contain self-contradictory language in their privacy policies in regards to data collection practices. From a report: In an academic study published last year, researchers created a tool named PolicyLint that analyzed the language used in the privacy policies of 11,430 Play Store apps. They found that 14.2% (1,618 apps) contained a privacy policy with logically contradicting statements about data collection. Examples include privacy policies that stated in one section that they do not collect personal data, only to contradict themselves in subsequent sections, where they state they collect emails or customer names -- which are clearly personally-identifiable information. While the research team could not determine the app maker's intent in using contradicting statements in their privacy policy, researchers feel the primary purpose was to mislead users if they ever took the time to read the policies.
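The kind of contradiction the summary describes (a denial about a broad category, then a claim to collect something inside it) can be checked mechanically. The sketch below is an added example, not PolicyLint's code or method; the ontology, verb list and sample policy are constructed assumptions.

```python
import re

# Constructed ontology (an assumption): narrower data type -> broader category.
BROADER = {
    "email address": "personal information",
    "name": "personal information",
    "phone number": "personal information",
    "personal information": "information",
    "device identifier": "information",
}
TERMS = sorted(BROADER, key=len, reverse=True) + ["information"]
VERB = r"(?:collect|gather|store|share)s?"
NEG = re.compile(r"\b(?:do(?:es)? not|don't|never|will not|won't)\s+" + VERB + r"\b")
POS = re.compile(r"\b" + VERB + r"\b")
# Constructed sample policy, not taken from any real app.
SAMPLE = ("We do not collect personal information from users. "
          "Our servers store a device identifier for analytics. "
          "When you register, we collect your name and email address. "
          "We never share your phone number.")

def ancestors(term):
    """Return the term followed by every broader category above it."""
    chain = [term]
    while chain[-1] in BROADER:
        chain.append(BROADER[chain[-1]])
    return chain

def statements(policy):
    """Yield (collects, data_type, sentence) for each data type a sentence names."""
    for sentence in re.split(r"(?<=[.!?])\s+", policy.strip()):
        low = sentence.lower()
        if not POS.search(low):
            continue
        collects = NEG.search(low) is None  # negation is scoped to the sentence
        for term in TERMS:  # longest first, so "information" never double-counts
            pattern = r"\b" + re.escape(term) + r"(?:es|s)?\b"
            if re.search(pattern, low):
                low = re.sub(pattern, " ", low)
                yield collects, term, sentence

def contradictions(policy):
    """Pair each denial of X with a claim to collect X or something narrower."""
    found = list(statements(policy))
    denied = [(t, s) for c, t, s in found if not c]
    claimed = [(t, s) for c, t, s in found if c]
    return [(d, c, ds, cs) for d, ds in denied for c, cs in claimed
            if d in ancestors(c)]
```

On the sample, the denial about personal information is paired with the later claims to collect a name and an email address, while the device identifier and phone number statements raise nothing.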
Submitters never credited for stories (Score:1)
Re: (Score:2)
That's interesting because they did that in the past... but most Firehose submissions were from RSS feeds that /. didn't want to credit.
To question further, please log in.
The primary purpose is CYA (Score:4, Insightful)
This is like when you change code in one module, but forget about the related changes in other modules. This is not intended to confuse or mislead. It's just that these policies change over time. So they get their bottom barrel legal guy to write a new clause to CYA when they start sharing your email, but they don't give him the time to go over the whole EULA. They just add in the new clause.
Do not ascribe to malice that which can be suitably explained by incompetence.
Re: (Score:3)
Re: (Score:3)
This is like when you change code in one module, but forget about the related changes in other modules. This is not intended to confuse or mislead. It's just that these policies change over time. So they get their bottom barrel legal guy to write a new clause to CYA when they start sharing your email, but they don't give him the time to go over the whole EULA. They just add in the new clause.
Do not ascribe to malice that which can be suitably explained by incompetence.
Sorry, but incompetence shouldn't be allowed as an excuse any more than malice here. That "bottom barrel legal guy" is still a trained lawyer responsible for editing a legally binding document, so let's stop pretending the budget only allocates for a 10th-grader who was allowed to tweet EULA edits.
A competent legal team should have spoken up to state they needed more time to do their job right. A competent management team would have understood and respected that. Instead, this smacks of corporate arroganc
Re: (Score:2)
"Sorry, but incompetence shouldn't be allowed as an excuse any more than malice here. That "bottom barrel legal guy" is still a trained lawyer responsible for editing a legally binding document"
The Privacy Policy is not a legally binding document. Nor is any document that is not signed and dated by all parties on whom it is supposed to be binding. They are merely story-books for entertainment purposes with no legal status at all.
If that is actually true, then why do they even exist?
And I want you to really think about that from every perspective. The large corporation that spends millions on armies of lawyers. The fact that damn near every modern software installer comes with a EULA which you must agree to before even being allowed to use or install the product.
That sure sounds like a shitload of pointless and wasteful effort for a document and process you claim is nothing more than "story-books for entertainment purposes". I ca
Re: (Score:2)
Well the rule is simple. I used to try out apps, load some for fun but I stopped. To keep the device more stable and secure, I unloaded every app I did not need and disabled all Google apps I did not use. I stored some content to watch and listen to but no longer play any games on the phone, simply too much of a hassle to keep stable and secure.
I would think children would be by far the biggest installer of android apps and smart adults have started to cut way back on app installation and are starting to put
Re: (Score:2)
...smart adults have started to cut way back on app installation and are starting to put the phone down more and more...
There is so much bullshit in this one sentence I felt I needed to quarantine it from the rest of your comments.
Statistics just called you a liar. And Addiction tried to comment, but can't stop laughing.
Re: (Score:2)
"If that is actually true, then why do they even exist?"
They exist in order to make the stupid believe that they are meaningful when they are not.
I was referring to the "idiots" running every software business who spend hundreds of thousands or more hiring highly trained lawyers to waste all that time and money in order to "make stupid people believe they are meaningful." You really think every software vendor is going to go through all that effort for the reason you cited? Give me a break. Spend zero dollars, and just post these "meaningful" EULAs on social media if that's the business intent here. Obviously no vendor actually does that, because
Re: (Score:1)
Not really:
1: Most people don't care about privacy, so they will download that fleshlight app which demands every single privilege including GPS.
2: Android's permission model is not really granular, so by allowing one thing, you allow a bunch of other stuff like bluetooth beacons and stuff like that.
3: Privacy laws are a joke. Even Europe hasn't bothered enforcing the GDPR other than harassing Google, so it shows the GDPR is there mainly as a weapon for a trade war, as opposed to actual privacy protecti
The main problem is... (Score:3)
...you have no idea what they are collecting. This is closed source software. A "policy" isn't just some words that the app developer threw together by borrowing from other "policies". The software could be following the policy, or not following the policy, or transmitting all your data to Chinese trolls in Russia. Use open or free software or you are stuck with whatever the developer wants your device to do.
Android will allow Android to Remain a Cesspool (Score:2)
Re: (Score:2)
What permissions rules?
At least Android has an ask by use case, which iOS has, and it has changed from an accept everything and install, or decline model.
I wish xPrivacy were still around. This was a utility that would happily hand apps asking for a bunch of permissions fake data, be it GPS locations, bogus contacts, bogus songs, a black screen on the camera, static on the microphone, and so on. If an app wanted access to the SD card, it could be presented with a subdirectory, so if it went rogue and tras
Policies are useless (Score:2)
Unless there is a means of checking on adherence, and a legal penalty for violating a policy, the policy is just words on paper and without meaning.
Re: (Score:2)
100% correct.
App Privacy Policies (Score:2)
2. We will collect every bit of data we possibly can.
2a. We will not secure said data
2ai. You have no rights in case of data breach
3. We will sell this data to anyone who pays the most.
14% is large? (Score:2)
Since when is 14% a large proportion?
Re: (Score:2)
It depends on context and what is desired or acceptable. For example, would you like to be shielded from all but 14% of a nuclear blast or a much lower number?
That's 1618 apps. So, apparently some feel that 14% is not a low enough number. I would like to see something much closer to 0%.
Re: 14% is large? (Score:2)
Sure, but in THIS context some 1,000 odd apps is not a lot.
Mostly incompetence but also... (Score:2)
There is however a more serious point which is the definition of personal isn't always fixed.
In data protection however, it's typically assumed any information might be sensitive if identifiable. Data protection acts tend to simply consider something as personal if you can associate it to a specific person.
There are layers to data protection that might however make things more complex. In
Need a GPL for privacy (Score:3)
IMO most companies use the data for a few fairly consistent buckets. Login/auth/password recovery, cross site tracking, location tracking to refine results (and ads), selling data to advertisers. Selling data to government bodies. Maybe a few more.
Anyways would be great if a few flavors of data usage policies could be agreed upon and users could then get familiar with them enough to make reasoned choices. Sorry Bill I won't download that app you recommended me because it's ScrewMeAndHow 3.0 licensed instead of We'llBeGentile 2.1 or better.
The policies also say they can change at will (Score:3)
If the policy doesn't say "This policy can only be changed with your positive approval." then it might as well say, "We share with whatever and whomever we want."
Ads (Score:1)