Study: Thousands Of Android Apps Lack Privacy Policies

Carnegie Mellon University revealed that thousands of popular apps in Google's Play Store don't have privacy policies, and many of the ones that do aren't upfront about how they collect and share the personal information of their users. This violates state laws and the Play Store's own guidelines.

The researchers said they examined 18,000 free apps in the Play Store. Of those, roughly 9,000 didn't have any kind of privacy policy. Another 41% could gather location information without disclosing so in their privacy policy, for example, and 17% could share that data with others. Here's how CMU explained the methods used to look for these apps' policies and examine their code to determine if there are any inconsistencies:

The automated system uses natural language processing and machine learning to analyze the text of privacy policies. It then examines the app’s computer code to see whether its behavior suggests it shares personal information and therefore should have a privacy policy. It also checks whether the app’s data collection and sharing behavior is consistent with an existing privacy policy.

One of the states with laws mandating privacy policies is California, which has the Children's Online Privacy Protection Act (COPPA). CMU said it's working with the California Office of the Attorney General to modify its system so it can be used to automatically detect if a new app violates COPPA, but it also warned that such a tool would not be foolproof, because it might miss something that a person would catch if they were looking at the same data.

“Just because the automated system finds a possible privacy requirement inconsistency in an app does not mean that a problem necessarily exists,” CMU professor of computer science Norman Sadeh explained. The system could help analyze the millions of apps in the Play Store, but if the Attorney General wants to punish anyone for violating COPPA, a human will have to double-check the tool's work to make sure it didn't make any mistakes.

This news doesn't bode well for cybersecurity. Many have called for laws requiring companies to make their products more secure, or trusted that companies like Google would make sure their platforms aren't used to invade someone's privacy. Yet here we have thousands of popular apps flouting multiple state laws and the Play Store's guidelines, either by not having privacy policies or by misleading people about what their apps really do.

Nathaniel Mott
Freelance News & Features Writer

Nathaniel Mott is a freelance news and features writer for Tom's Hardware US, covering breaking news, security, and the silliest aspects of the tech industry.

  • psiboy
    The lack of comments on this article reporting such diturbing lack of concern from app makers about privacy is in itself comcerning!
  • psiboy
    *disturbing.... Concerning* sorry I have a digital lisp.....
  • Powermonkey13
  • thundervore
    This is no surprise. Google should hold them responsible for privacy transparency. This is the exact reason I use fake data for all my online accounts and interactions. Good luck trying to market my data.