Some Apple Privacy Labels in the App Store are Flawed, Test Shows

Geoffrey Fowler, tech columnist for The Washington Post, recently set out to test and document the accuracy of the new privacy ‘nutrition labels’ Apple added to its App Store last month.

To do so, Fowler downloaded a number of different apps from the App Store that had the “Data not collected” label — the best privacy label possible with a blue check mark, indicating that the app doesn’t collect or share any user data whatsoever — and tested the claim using data-tracking VPN Privacy Pro and a friend who was a former National Security Agency researcher.

The first app of the kind Fowler tested, Satisfying Slime Simulator, turned out to be a lot less innocent than its privacy label indicated: the app was found to be sharing iPhone identifiers and device properties with Facebook, Google, GameAnalytics, and Unity.

Fowler saw similar results with other apps with the same “App Privacy” designation, apps that included Rumble, Maps.meFunDo ProPlayerXTremeInstdown, and What’s Direct Chat and Web.

The “App Privacy” labels are intended to strong-arm developers into disclosing exactly what user data they collect and share for the benefit of the users, which naturally doesn’t sit too well with app developers.

However, Fowler’s amateur investigation has uncovered a gaping hole in the system: as things stand now, privacy labels are a glorified ‘honor system’, with inadequate policing on Apple’s part.

The details page for each privacy label even states that “This information has not been verified by Apple,” but an Apple spokeswoman said in an email that “Apple conducts routine and ongoing audits of the information provided and we work with developers to correct any inaccuracies.”

For the system to truly work as intended and be a beacon of Apple’s commitment to user privacy, privacy labels will have to be comprehensively screened and authenticated by Apple before they’re published on the App Store.