Carnegie Mellon University revealed that thousands of popular apps in Google’s Play Store don’t have privacy policies, and many of the ones that do aren’t upfront about how they collect and share the personal information of their users. This violates state laws and the Play Store’s own guidelines.
One of the states with laws mandating privacy policies is California, which has the Children’s Online Privacy Protection Act (COPPA). CMU said it’s working with the California Office of the Attorney General to modify its system so it can automatically detect whether a new app violates COPPA. It also warned that such a tool would not be foolproof, because it might miss something that a person looking at the same data would catch.
“Just because the automated system finds a possible privacy requirement inconsistency in an app does not mean that a problem necessarily exists,” CMU professor of computer science Norman Sadeh explained. The system could help analyze the millions of apps in the Play Store, but if the Attorney General wants to punish anyone for violating COPPA, a human will have to double-check the tool’s work to make sure it didn’t make any mistakes.
This news doesn’t bode well for cybersecurity. Many have called for laws requiring companies to make their products more secure, or trusted that companies like Google would make sure their platforms aren’t used to invade someone’s privacy. Yet here we have thousands of popular apps flouting multiple state laws and the Play Store’s guidelines, either by not having privacy policies or by misleading people about what their apps really do.