Skip to main content

More than half App Store privacy labels false in small-scale Washington Post spot checks

There’s been a lot of attention drawn to App Store privacy labels since they went live in December. Apple made them mandatory for developers submitting new apps or updating new ones. Facebook Messenger came under particular fire for the sheer volume of data linked to users.

But spot-checks by the Washington Post found that more than half the apps they reviewed were either misleading or completely false …

It began when tech columnist Geoffrey Fowler downloaded a de-stressing app.

I downloaded a de-stressing app called the Satisfying Slime Simulator that gets the App Store’s highest-level label for privacy. It turned out to be the wrong kind of slimy, covertly sending information — including a way to track my iPhone — to Facebook, Google and other companies […]

As I write this column, Apple still has an inaccurate label for Satisfying Slime. And it’s not the only deception. When I spot-checked what a couple dozen apps claim about privacy in the App Store, I found more than a dozen that were either misleading or flat-out inaccurate.

They included the popular game Match 3D, social network Rumble and even the PBS Kids Video app. (Say it ain’t so, Elmo!) Match and Rumble have now both changed their labels, and PBS changed some of how its app communicates with Google.

Apple did say earlier this week that it relies in developers to be honest, and only responds reactively when they lie.

Similar to how Age Ratings work on the App Store, developers report their own privacy practices. If we learn that a developer may have provided inaccurate information, we will work with them to ensure the accuracy of the information.

And indeed says as much in each label.

In tiny print on the detail page of each app label, Apple says, “This information has not been verified by Apple.”

But Fowler says that’s not good enough.

The first time I read that, I did a double take. Apple, which says caring for our privacy is a “core responsibility,” surely knows devil-may-care data harvesters can’t be counted on to act honorably. Apple, which made an estimated $64 billion off its App Store last year, shares in the responsibility for what it publishes […]

If a journalist and a talented geek could find so many problems just by kicking over a few stones, why isn’t Apple?

Even after I sent it a list of dubious apps, Apple wouldn’t answer my specific questions, including: How many bad apps has it caught? If being innacurate means you get the boot, why are some of the ones I flagged still available?

Others agree.

Fowler also outlines why he doesn’t think the labels are particularly helpful: the categories are overly-broad, and we don’t get to know which companies get our data. That, he argues, is like a food label that doesn’t have to list the ingredients.

Apple said:

Apple conducts routine and ongoing audits of the information provided and we work with developers to correct any inaccuracies. Apps that fail to disclose privacy information accurately may have future app updates rejected, or in some cases, be removed from the App Store entirely if they don’t come into compliance.

What’s your view? Is Apple doing enough, or should it be more proactive in checking whether developers are telling the truth about their apps? Please share your thoughts in the comments.

Photo by Eddy Billard on Unsplash

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Comments

Author

Avatar for Ben Lovejoy Ben Lovejoy

Ben Lovejoy is a British technology writer and EU Editor for 9to5Mac. He’s known for his op-eds and diary pieces, exploring his experience of Apple products over time, for a more rounded review. He also writes fiction, with two technothriller novels, a couple of SF shorts and a rom-com!


Ben Lovejoy's favorite gear

Manage push notifications

notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications
notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications