Carnegie Mellon University revealed that thousands of popular apps in Google's Play Store don't have privacy policies, and many of the ones that do aren't upfront about how they collect and share the personal information of their users. This violates state laws and the Play Store's own guidelines.
One of the states with laws mandating privacy policies is California, which has the Children's Online Privacy Protection Act (COPPA). CMU said it's working with the California Office of the Attorney General to modify its system so it can be used to automatically detect if a new app violates COPPA, but it also warned that such a tool would not be foolproof, because it might miss something that a person would catch if they were looking at the same data.
“Just because the automated system finds a possible privacy requirement inconsistency in an app does not mean that a problem necessarily exists,” CMU professor of computer science Norman Sadeh explained. The system could help analyze the millions of apps in the Play Store, but if the Attorney General wants to punish anyone for violating COPPA, a human will have to double-check the tool's work to make sure it didn't make any mistakes.
This news doesn't bode well for cybersecurity. Many have called for laws requiring companies to make their products more secure, or trusted that companies like Google would make sure their platforms aren't used to invade someone's privacy. Yet here we have thousands of popular apps flouting multiple state laws and the Play Store's guidelines, either by not having privacy policies or by misleading people about what their apps really do.
Stay on the Cutting Edge
Join the experts who read Tom's Hardware for the inside track on enthusiast PC tech news — and have for over 25 years. We'll send breaking news and in-depth reviews of CPUs, GPUs, AI, maker hardware and more straight to your inbox.
Nathaniel Mott is a freelance news and features writer for Tom's Hardware US, covering breaking news, security, and the silliest aspects of the tech industry.
Your fingerprints can be recreated from the sounds made when you swipe on a touchscreen — Chinese and US researchers show new side channel can reproduce fingerprints to enable attacks
Russian military botnet discovered on 1000+ compromised routers — FBI deactivated Moobot by taking control of impacted routers
The lack of comments on this article reporting such diturbing lack of concern from app makers about privacy is in itself comcerning!Reply
*disturbing.... Concerning* sorry I have a digital lisp.....Reply
This is no surprise. Google should hold them responsible for privacy transparency. This is the exact reason I use fake data for all my online accounts and interactions. Good luck trying to market my data.Reply