Apple's app transparency rules: Google's privacy labels for Chrome and Search on iOS highlighted by DuckDuckGo

Google reveals how much personal data' collected in Chrome, Google app. 'No wonder they wanted to hide it'


Google's Apple-mandated privacy labels for its Chrome and Search apps on iOS have drawn criticism from tiny search rival DuckDuckGo, which tweeted "no wonder they wanted to hide it."

Apple now requires all App Store developers to label their apps to inform users of what data they collect. This has been mandatory since December 8th last year, but only when an app is updated.

Mysterious delays in Google's app updates soon ensued – though the company said in January that: "As Google's iOS apps are updated with new features or to fix bugs, you'll see updates to our app page listings that include the new App Privacy Details. These labels represent the maximum categories of data that could be collected — meaning if you use every available feature and service in the app."

No details provided: some Google apps, like Maps, have yet to receive an update since Apple mandated privacy labels

"No details provided": some Google apps, like Maps, have yet to receive an update since Apple mandated privacy labels

But updates have gradually been rolling out, complete with privacy labels, though at the time of writing there were still important apps like Google Maps which stated "no details provided" (see above.)

Google has now updated both its Chrome web browser and its standalone Search app – and the list of labels is indeed a long one.

A user signing in to a Google Workspace account has to agree separately to the Core Services under their organisation’s terms, and Additional Services under Google’s terms. Which is used when? It’s complicated.

Dutch government: Did we say 10 'high data protection risks' in Google Workspace block adoption? Make that 8

READ MORE

There are 19 categories of data that Google reported "may be collected and linked to your identity" in Chrome, and twice that number in Search, though the same type of data (such as Location) is listed multiple times such as under Analytics, Personalization, and Third-Party Advertising. Data listed includes location, search and browsing history, contact information, photos, video, audio, and "product interaction."

Note that the fact data is listed does not tell you exactly how it is used. For that, users should consult Google's massive privacy policy.

Apple publishes privacy labels for its own apps here – including its own browser Safari, which shows 13 categories of data collected, although only six of these are "linked to your identity."

In Google's case, all the data has been listed under the heading "Data linked to you." Firefox has come out better than either browser in this respect, with just four categories of data "linked to you" and three further ones "not linked to you."

Google’s privacy labels for its Search app on iOS: keep scrolling

Google’s privacy labels for its Search app on iOS: keep scrolling

DuckDuckGo also has an app for iOS and its privacy labels include just two categories of data, both under the heading "Data not linked to you." This, no doubt, explains why the privacy-focused browser vendor tweeted yesterday that "after months of stalling, Google finally revealed how much personal data they collect in Chrome and the Google app. No wonder they wanted to hide it."

Will these labels have any impact on app usage? Google has a weaker position on iOS than it does on Android, as you would expect, since Apple points users towards its own Safari browser and Apple Maps, and even Chrome has to use the Safari browser engine.

Google Maps is a popular app though, and we have a hunch that since the privacy details appear below the fold when you find an app in the Store, it will not make much difference to usage. There is also the problem that understanding how personal data is used is something which even government-backed researchers find challenging. ®


Other stories you might like

  • Stolen university credentials up for sale by Russian crooks, FBI warns
    Forget dark-web souks, thousands of these are already being traded on public bazaars

    Russian crooks are selling network credentials and virtual private network access for a "multitude" of US universities and colleges on criminal marketplaces, according to the FBI.

    According to a warning issued on Thursday, these stolen credentials sell for thousands of dollars on both dark web and public internet forums, and could lead to subsequent cyberattacks against individual employees or the schools themselves.

    "The exposure of usernames and passwords can lead to brute force credential stuffing computer network attacks, whereby attackers attempt logins across various internet sites or exploit them for subsequent cyber attacks as criminal actors take advantage of users recycling the same credentials across multiple accounts, internet sites, and services," the Feds' alert [PDF] said.

    Continue reading
  • Big Tech loves talking up privacy – while trying to kill privacy legislation
    Study claims Amazon, Apple, Google, Meta, Microsoft work to derail data rules

    Amazon, Apple, Google, Meta, and Microsoft often support privacy in public statements, but behind the scenes they've been working through some common organizations to weaken or kill privacy legislation in US states.

    That's according to a report this week from news non-profit The Markup, which said the corporations hire lobbyists from the same few groups and law firms to defang or drown state privacy bills.

    The report examined 31 states when state legislatures were considering privacy legislation and identified 445 lobbyists and lobbying firms working on behalf of Amazon, Apple, Google, Meta, and Microsoft, along with industry groups like TechNet and the State Privacy and Security Coalition.

    Continue reading
  • SEC probes Musk for not properly disclosing Twitter stake
    Meanwhile, social network's board rejects resignation of one its directors

    America's financial watchdog is investigating whether Elon Musk adequately disclosed his purchase of Twitter shares last month, just as his bid to take over the social media company hangs in the balance. 

    A letter [PDF] from the SEC addressed to the tech billionaire said he "[did] not appear" to have filed the proper form detailing his 9.2 percent stake in Twitter "required 10 days from the date of acquisition," and asked him to provide more information. Musk's shares made him one of Twitter's largest shareholders. The letter is dated April 4, and was shared this week by the regulator.

    Musk quickly moved to try and buy the whole company outright in a deal initially worth over $44 billion. Musk sold a chunk of his shares in Tesla worth $8.4 billion and bagged another $7.14 billion from investors to help finance the $21 billion he promised to put forward for the deal. The remaining $25.5 billion bill was secured via debt financing by Morgan Stanley, Bank of America, Barclays, and others. But the takeover is not going smoothly.

    Continue reading

Biting the hand that feeds IT © 1998–2022