I love how the word 'sharing'
Has become synonymous with 'selling'.
The Mozilla Foundation has accused Google of incorrectly labelling apps as "Data Safe" as much as 80 percent of the time in its Play digital bazaar – with TikTok, Facebook and Twitter among the misdescribed software. "Google Play Store's Data Safety labels would have you believe that neither TikTok nor Twitter share your …
It's everywhere. Just look at Top Level Domains. These below we block 100% automatically as we've never seen them used for anything but spam & malware. They exist for IANA to make money.
.shop
.cloud
.ltd
.live
.site
.rest
.website
.bar
.best
.today
I use the DuckDuckGo browser that has an app tracker-blocker. Astonishing to see the number of tracking attempts. Santander's app is the worst, 10,000-20,000 in a day most days. When I've raised this with them they seem completely clueless, mutter something about essential cookies. One app, Eufy Clean, they didn't even know the app had trackers until I pointed it out to them!
And the RBS android mobile banking app has a serious bug which RBS refuse to fix despite the Financial Services Ombudsman ruling against them.
If you go into the "Manage my card & Google Pay" it blocks access to the card management section and insists you select one of the Google accounts on your phone - even if you have NOT nor any intention of setting up or using Google Pay.
There is NO WAY to get past it.
If you select one of the Google accounts just to get at the card management function - minor things like BEING ABLE TO BLOCK A LOST/STOLEN CARD, there is NO WAY to tell it to forget that account. The only way is to uninstall their app and re-install it.
Utterly shite programming and blatant disregard for GDPR which even after numerous complaints and the Ombudsmans ruling, RBS REFUSE to fix.
I'd never do any banking on a mobile. They are too easy to nick and that's your whole bank account gone if somebody gets the phone when it's unlocked (maybe even when locked). If you get pickpocketed all they get is your cash and possibly can use a card up to the daily limit (which is why a sensible limit is a good thing).
As the old saying goes - don't put all your eggs in one basket.
Have multiple accounts with different banks. Ideally, banks NOT part of the same group.
Keep the bulk of your funds in accounts NOT accessed via a mobile app.
NEVER have credit cards from the same bank (or bank group) as your main account(s). They can use "right of offset" to help themseves to money in any of those accounts to service any debt on the card even if it pushes those accounts into unauthorised overdraft and then hit you with all sorts of additional fees for that too.
My bank requires installation of not one, but TWO apps just to avail of mobile banking (the other is an authenticator which could be easily handled by any ready-existing OTP app). One of the required permissions was location.
Location seems an odd one for what should just be a ledger and some forms to let me check my balance and move my money, unless they're trying to recreate the 'so what were you doing today' conversations I used to have with bank clerks while they pattered away at the computers.
"This report conflates company-wide privacy policies that are meant to cover a variety of products and services with individual Data Safety labels, which inform users about the data that a specific app collects"
Because those company wide policies should be informing those individual Data Safety labels and if the policies are shit the labels will be too?? Maybe?
"This report conflates company-wide privacy policies that are meant to cover a variety of products and services with individual Data Safety labels, which inform users about the data that a specific app collects"
You put a Data Safe label on the Facebook app, ergo you are wrong.
I have an app in the Play Store, so was forced to complete Google's Data Safety form, but frankly, I had to guess most of my answers. My own code collects zero user data, but the app does use Google's ad service and getting any clear information out of Google about what they do with the data and how it should be entered in their own form was impossible. There should have been a simple checkbox on the form just to say that the app connects to Admob, but instead they forced every single developer to blindly complete a long list of detailed questions. Most developers probably gave wildly different answers for exactly the same thing.
Unfortunately, advertising is the only viable business model for most apps and Admob is by far the biggest player.
And even if you found an ad network that was fully transparent about what it does, a lot of the questions on the form are quite vague and open to multiple interpretations. My point is that most developers will have tried to complete Google's Data Safety form honestly, but it wouldn't surprise me at all if 80% of them still made errors.
The data is being safely copied, "We do not steal your data, we just sell copies of it so it's still your data." Welcome to today's world, we get told things but so often completely different things are happening:
Q: "Is it safe to jump out of a plane?"
A: "Yes, you have a parachute"
Q: "But it's only 6 inches in diameter"
A: "It's OK, you will just land quicker"
I could see it being only 80% wrong according to the app's privacy policy. It's 98% wrong if you check the app's logs.
You can flag an app and send logs to Google but nothing happens. The only thing more dangerous than a Google Play Store app is a sideloaded app found in Google's search results.
.. for someone attempting to state with some convoluted logic (or simply made up "facts") that the Apple app store is just as bad. The Apple app store that, if you recall, started with all this fun privacy labelling, to the immediate and immense dislike of a certain Mr Zuckerberg.
The problem with Google is a massive conflict of interest that you simply cannot explain away (although they certainly try). There is simply no valid argument to trust them. That said, maybe someone could use Android's ability to side load for good by starting an app store which checks apps properly, with some evidence so you could judge if they were worthy of your trust. Could actually be a nice business in itself, but it is , of course, based on an assumption that the OS itself doesn't leak - probably not impossible to achieve but most likely not for free..
The Data Safety form is the problem here. Even if the developer first ticks the box that says their app doesn't collect data, they still get asked if they provide a way for the user to delete their data. It would be a brave developer who decided to leave that second box unticked - it's far too easy to get your app accidentally de-listed with very little explanation or recourse from Google.
A big green icon that says collection of personal data (anonymous or not) is opt in and disabled by default.
And a big red icon for everything else.
Note: By definition the "app" is what the user installs. If there are fifty advertising services baked in, these count as part of the behaviour of the app.
In the UK, and I suspect USA as well, company accounts are audited by the very accountancy firm that bent over backwards to win the company's business in the first place. Despite that being a massively obvious conflict of interest, with a very long and fully documented history of not working as it should, it carries on. Even when caught, the accountancy firm and the company manage to convince a handful of nonentities to fall on their swords and take one for the team, undoubtedly well recompensed in some untraceable manner, for their "selfless" act in protecting the company and the wider community that leans heavily on this ridiculous set up to rumble on forever.
I can see Google's situation with it's self-declaring model to be no different.
It wouldn't hurt to have the folk at Mozilla be the ones who audit the apps and declare them as they should be, but how to pay them for their services without again creating a conflict of interest?
Perhaps the users could donate to them, in recognition of their service to the public?
For example for an ebook reader app to access books on your Google Drive, the only option available is to modify/delete all your files as well as just read access.
I've raised this issue here.
https://issuetracker.google.com/issues/204692011