More Than a Dozen Apps With 'Misleading or Flat-Out Inaccurate' Privacy Labels Found on App Store
Last month, Apple introduced privacy labels on the App Store, providing users with a broad overview of the data types an app may collect, and whether the information is used to track them or is linked to their identity or device.
Apple has required developers to provide this privacy information when submitting new apps and app updates to the App Store since early December, but the labels function on an honor system, with fine print indicating that "this information has not been verified by Apple." As such, there is always the potential that some apps will be dishonest.
On that note, The Washington Post's Geoffrey A. Fowler recently did a spot check and discovered "more than a dozen" apps with "either misleading or flat-out inaccurate" privacy labels. One of these apps was a game called "Satisfying Slime Simulator," which Fowler said was sending his iPhone's advertising identifier and other device information to companies like Facebook, Google, and Unity, despite its privacy label indicating "No Data Collected."
Fowler listed several other apps with "No Data Collected" labels that he found to be covertly collecting user data, such as Rumble, Maps.me, and FunDo Pro. He also found the popular game Match 3D to be "sending an ID for my phone that could be used to track me to more than a dozen different companies," despite having a label that claimed it only took "data not linked to you." Match 3D has since updated its label to reflect "data used to track you."
In response to the report, Apple said it "conducts routine and ongoing audits of the information provided" and works with developers to correct any inaccuracies, adding that "apps that fail to disclose privacy information accurately may have future app updates rejected, or in some cases, be removed from the App Store entirely if they don't come into compliance."
This issue will be partially addressed by Apple's upcoming enforcement of a privacy measure it calls App Tracking Transparency. Starting with the next betas of iOS 14, iPadOS 14, and tvOS 14, developers will be required to get a user's permission to track their activity across other apps and websites and access their device's random advertising identifier, known as the Identifier for Advertisers (IDFA), for targeted advertising and ad measurement purposes.
Apple said that, at the software level, App Tracking Transparency will prevent developers from accessing a user's IDFA unless they grant permission, preventing an app from silently tracking their activity in this manner. However, there are still other ways for apps to track users, so the accuracy of privacy labels will still not be guaranteed.