Contradicting Privacy Policies Of Android Apps

Contradicting Privacy Policies Of Android Apps

Researchers and academics from North Carolina State University and the University of Illinois at Urbana-Champaign used a  language analyzing tool, PolicyLint, to analyze privacy policies set in place by app makers. They noticed that some privacy policies have logical contradicting statements regarding data collection. In the study, they found that the privacy policies of 14.2% of apps available in the Play Store contain confusing statements about user data collection practices.

As there were 11,430 apps analyzed, which means there are 1,618 apps contained self-contradictory privacy policies. For instance, some privacy policies stated that they DO NOT collect personal data in the prior section but contradict themselves in the subsequent sections by stating they DO collect personally identifiable information such as emails and customer names. The contradicting statements may be used under the app maker’s intent though, the research found that these statements could also be just the auto-generated template. There were 59 apps found using the auto-generated privacy policy. Nevertheless, as the majority of these privacy policies were unique and not a template, these app makers are susceptible to fines from EU and US privacy watchdogs.

In addition, among the 1,618 apps with self-contradictory privacy policies, the research team took a sample of 510 apps and tried to notify the app makers about the inaccurate privacy policies. However, from these 510 apps, the research team can only find 260 apps having the contact emails listed. After they tried to send out emails to these 260 app makers, they found that there were 16 email addresses are either invalid or unreachable. Of the rest 244 email addresses they reached out successfully, only 11 app makers replied to the email, and only 3 of them corrected the policies. This is not the only study analyzed Play Store apps for inconsistencies between data collection practices and what was explicitly disclosed in privacy policies. In other research, the team found the 10.5% of 68,051 apps are sharing personal data with third-party services but not declaring it in their privacy policies.


Meeting Regulatory and Compliance Requirements Is Crucial

Contact LIFARS For A Cost-Efficient and Tactical Approach To Meeting Regulations