Google Play is today officially launching its own version of privacy-related “nutrition labels” for apps. The company says it will begin to roll out the new Google Play Data safety section to users on a gradual basis, ahead of the July 20th deadline that requires developers to properly disclose the data their app collects, if and how it’s shared with third parties, the app’s security practices, and more.
The company’s plan to introduce app privacy labels on Google Play was first announced last spring, months after Apple’s App Store introduced privacy labels on its own app marketplace.
While both sets of labels focus on informing users about how apps collect and manage data and user privacy, there are some key differences. Apple’s labels largely focus on what data is being collected, including data used for tracking purposes, and on informing the user what’s linked to them. Google’s labels, meanwhile, put a bigger focus on whether or not you can trust the data that’s collected is being handled responsibly by allowing developers to disclose if they follow best practices around data security.
The labels also give Android developers a way to make their case as to why they collect the data directly on the label, so users can understand how the data is used — for app functionality, personalization, etc. — to help inform the user’s decision to download the app. They can also see if the data collection is required or optional.
Google says that it heard from app developers that simply displaying the data an app collects without additional context was not enough, which is what prompted the label’s design.
At launch, the Google Play Data safety section will specifically detail the following, says Google:
- Whether the developer is collecting data and for what purpose.
- Whether the developer is sharing data with third parties.
- The app’s security practices, like encryption of data in transit and whether users can ask for data to be deleted.
- Whether a qualifying app has committed to following Google Play’s Families Policy designed to better protect children in the Play Store.
- Whether the developer has validated their security practices against a global security standard (more specifically, the MASVS).
Since introducing its plan for the labels, Google says it’s only made minor tweaks to the developer guidance and the store’s user interface and experience. This includes updates like encouraging developers to refer to their SDK providers’ data safety information and a new question about System services, among other clarifications and rewordings.
While the addition of the labels could, in theory, help Android users make better decisions about which apps they want to use, it’s not clear there’s an effort to actually check the data for accuracy at the time of submission. Asked how the data would be vetted, Google told us that developers are responsible for the information they provide. Google also said that if it finds a developer has misrepresented the data they’ve provided in violation of the policy, it won’t immediately remove the app — it will just ask the developer to fix it. Only if the app doesn’t comply would an action later be taken.
App privacy labels have already been accused of being an unreliable source of information following their launch on the App Store. According to a report by The Washington Post last year, many of the labels they reviewed in a spot-check provided false information. For instance, apps claiming they collected no data were actually found to be doing the opposite — collecting it and sharing it.
In other words, the labels functioned to give users a false sense of security about how their data was accessed and used, rather than a real way to take action. Apple, however, had told The Washington Post it would routinely audit labels for accuracy. Google makes no such claims today.
Update: After initially responding that Google will make developers responsible for this data, the company clarified that it check each Data safety section “using systems and processes that are continuously improving.”
Google has given developers until July 20 to complete their Data Safety section, but the Data safety section is already rolling out. That means many users will see apps without labels even as the product launches. That staggered release could also be by design, as it dissuades users from immediately going to check their favorite apps’ privacy and security practices; and by the time those labels arrive, users may have forgotten they had wanted to do this.
Users will begin to see the labels appear on their Android phones at some point over the next few weeks as the labels reach global users.
Correction, 12:34 pm: The article has been updated to remove a reference to location and other permission requests, which is not new.