Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

More Than a Dozen Apps With 'Misleading or Flat-Out Inaccurate' Privacy Labels Found on App Store

MacRumors

MacRumors

macrumors bot
Original poster
Apr 12, 2001
61,502
27,050


Last month, Apple introduced privacy labels on the App Store, providing users with a broad overview of the data types an app may collect, and whether the information is used to track them or is linked to their identity or device.

app-store-privacy-labels-iphone-12.jpg

Apple has required developers to provide this privacy information when submitting new apps and app updates to the App Store since early December, but the labels function on an honor system, with fine print indicating that "this information has not been verified by Apple." As such, there is always the potential that some apps will be dishonest.

On that note, The Washington Post's Geoffrey A. Fowler recently did a spot check and discovered "more than a dozen" apps with "either misleading or flat-out inaccurate" privacy labels. One of these apps was a game called "Satisfying Slime Simulator," which Fowler said was sending his iPhone's advertising identifier and other device information to companies like Facebook, Google, and Unity, despite its privacy label indicating "No Data Collected."

Fowler listed several other apps with "No Data Collected" labels that he found to be covertly collecting user data, such as Rumble, Maps.me, and FunDo Pro. He also found the popular game Match 3D to be "sending an ID for my phone that could be used to track me to more than a dozen different companies," despite having a label that claimed it only took "data not linked to you." Match 3D has since updated its label to reflect "data used to track you."

In response to the report, Apple said it "conducts routine and ongoing audits of the information provided" and works with developers to correct any inaccuracies, adding that "apps that fail to disclose privacy information accurately may have future app updates rejected, or in some cases, be removed from the App Store entirely if they don't come into compliance."

This issue will be partially addressed by Apple's upcoming enforcement of a privacy measure it calls App Tracking Transparency. Starting with the next betas of iOS 14, iPadOS 14, and tvOS 14, developers will be required to get a user's permission to track their activity across other apps and websites and access their device's random advertising identifier, known as the Identifier for Advertisers (IDFA), for targeted advertising and ad measurement purposes.

Apple said that, at the software level, App Tracking Transparency will prevent developers from accessing a user's IDFA unless they grant permission, preventing an app from silently tracking their activity in this manner. However, there are still other ways for apps to track users, so the accuracy of privacy labels will still not be guaranteed.

Article Link: More Than a Dozen Apps With 'Misleading or Flat-Out Inaccurate' Privacy Labels Found on App Store
 
Article Link
https://www.macrumors.com/2021/01/29/app-store-privacy-labels-accuracy-report/
E

ececlv

macrumors regular
Sep 26, 2014
123
378
MacRumors said:


Last month, Apple introduced privacy labels on the App Store, providing users with a broad overview of the data types an app may collect, and whether the information is used to track them or is linked to their identity or device.

app-store-privacy-labels-iphone-12.jpg

Apple has required developers to provide this privacy information when submitting new apps and app updates to the App Store since early December, but the labels function on an honor system, with fine print indicating that "this information has not been verified by Apple." As such, there is always the potential that some apps will be dishonest.

On that note, The Washington Post's Geoffrey A. Fowler recently did a spot check and discovered "more than a dozen" apps with "either misleading or flat-out inaccurate" privacy labels. One of these apps was a game called "Satisfying Slime Simulator," which Fowler said was sending his iPhone's advertising identifier and other device information to companies like Facebook, Google, and Unity, despite its privacy label indicating "No Data Collected."

Fowler listed several other apps with "No Data Collected" labels that he found to be covertly collecting user data, such as Rumble, Maps.me, and FunDo Pro. He also found the popular game Match 3D to be "sending an ID for my phone that could be used to track me to more than a dozen different companies," despite having a label that claimed it only took "data not linked to you." Match 3D has since updated its label to reflect "data used to track you."

In response to the report, Apple said it "conducts routine and ongoing audits of the information provided" and works with developers to correct any inaccuracies, adding that "apps that fail to disclose privacy information accurately may have future app updates rejected, or in some cases, be removed from the App Store entirely if they don't come into compliance."

This issue will be partially addressed by Apple's upcoming enforcement of a privacy measure it calls App Tracking Transparency. Starting with the next betas of iOS 14, iPadOS 14, and tvOS 14, developers will be required to get a user's permission to track their activity across other apps and websites and access their device's random advertising identifier, known as the Identifier for Advertisers (IDFA), for targeted advertising and ad measurement purposes.

Apple said that, at the software level, App Tracking Transparency will prevent developers from accessing a user's IDFA unless they grant permission, preventing an app from silently tracking their activity in this manner. However, there are still other ways for apps to track users, so the accuracy of privacy labels will still not be guaranteed.

Article Link: More Than a Dozen Apps With 'Misleading or Flat-Out Inaccurate' Privacy Labels Found on App Store
Click to expand...
The privacy report always sounded like creating a legal obligation for the app developer. Sure you can lie, but when caught you face potential civil penalties
 
  • Like
  • Disagree
Reactions: Ian Howlett, amartinez1660, notrack and 8 others
S

SD449

macrumors regular
Jun 6, 2012
193
418
I cannot fathom why the Amazon app is using Health & Fitness Data

eta: Unless its because I use biometrics??
 
  • Like
Reactions: Ian Howlett
S

sentiblue

macrumors 6502
Aug 2, 2012
257
210
Silicon Valley
I simply don't get it when developers deliberately mis-represent themselves in this way. Except for the intentional perps of course. Apple is not dumb, they will eventually find out even if it slipped their approval radar first time. If you intentionally slip through and get caught, you'll most certainly be on their watch list and your new/updated apps will be targetted for much more intensive reviews going forward. Unless you change your dev identity, which they can detect duplicates too.
 
  • Like
Reactions: Ian Howlett, amartinez1660, Nermal and 1 other person
A

applicious84

macrumors 6502a
Sep 1, 2020
521
1,091
MacRumors said:
On that note, The Washington Post's Geoffrey A. Fowler recently did a spot check and discovered "more than a dozen" apps with "either misleading or flat-out inaccurate" privacy labels. One of these apps was a game called "Satisfying Slime Simulator," which Fowler said was sending his iPhone's advertising identifier and other device information to companies like Facebook, Google, and Unity, despite its privacy label indicating "No Data Collected."
Click to expand...
Well, that's an app I've been missing out on

Edit: This whole time, I've been using the unsatisfying slime simulator. I feel like it's just not the same, but it's probably more private. Who wants to simulate unsatisfying slime? Also, the truth is, as long as slime is simulated, I'm satisfied.
 
Last edited:
  • Haha
Reactions: polyphenol, freedomlinux, steve62388 and 2 others
switz

switz

macrumors 6502
Jan 16, 2008
443
461
East edge of Phoenix urban sprawl
So the issue is that the info is already out on the existing apps. Closing the barn door after the horse is in the field is useless. One will have to change their "ID", if possible, when all apps have the opt out function. The end user of course has perhaps no way to verify that the app takes the info anyway.
 
Pakaku

Pakaku

macrumors 68030
Aug 29, 2009
2,964
3,948
panjandrum said:
Well, it will eventually fix the issue if the developers (not just the individual app in question) are permanently banned from Apple's stores.
Click to expand...
I don't really like the idea that Apple comes up with this privacy label idea just for devs to lie on them, because Apple always likes to brag about how much they care about privacy, and we're supposed to assume we can trust them and their privacy labels now. It's too reactionary and relies too much on the honesty of devs, if they even update their apps (looking at you, Google). But I guess catching them lying is better than nothing...
 
  • Like
Reactions: Mike_Trivisonno
4jasontv

4jasontv

Suspended
Jul 31, 2011
6,272
7,548
We need a way to hold the developers accountable for falsifying information about their app. Not the company who made it, the developers themselves. That way the industry will have motivation to police themselves and push back on any upper level type that suggests they should do otherwise. At the very least whoever pushes the app or update to the App Store should be individually identifiable and personally liable for the accuracy of their description.

Analogy for the people not getting it. The pharmacist is ultimately responsible if drugs go missing. It doesn't matter that they may not be the one to last handle the drug before the customer receives it. Developers made the apps, and they are in the best position to know what it does.
 
Last edited:
  • Like
  • Disagree
Reactions: Mike_Trivisonno, amartinez1660, MikhailT and 2 others
M

MauiPa

macrumors 68040
Apr 18, 2018
3,370
4,953
panjandrum said:
Well, it will eventually fix the issue if the developers (not just the individual app in question) are permanently banned from Apple's stores.
Click to expand...
Maybe the US could pass privacy laws, then we could sue people like Facebook and sleazy developers who steal our data. Or maybe each of us could offer our data for a price that developers would have to pay to use it without our permission. My offer is $1m, hey facebook, here is your bill! A free market solution, oh yah!
 
  • Like
Reactions: Mike_Trivisonno
4jasontv

4jasontv

Suspended
Jul 31, 2011
6,272
7,548
MauiPa said:
Maybe the US could pass privacy laws, then we could sue people like Facebook and sleazy developers who steal our data. Or maybe each of us could offer our data for a price that developers would have to pay to use it without our permission. My offer is $1m, hey facebook, here is your bill! A free market solution, oh yah!
Click to expand...
Make that 1 million per access per day. We also need them to take hacks and leaks seriously too. A small percentage of FB customer data being released should bankrupt them.
 
  • Like
Reactions: kazmac, Mike_Trivisonno and amartinez1660
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom