14% of Android apps have contradictory privacy policies and data collection practices

In an academic study published last year, researchers created a tool called PolicyLint to analyze the language used in the privacy policies of 11,430 Play Store applications. They found that 14.2% of Android apps contradicted their privacy policies and data collection practices.

For example, the Privacy Policy states in a section that they do not collect personal data and state in subsequent text that they collect e-mail or user names, which are clearly identifiable personal information. While the team was unable to determine the intent of application developers to use contradictory statements in their privacy policies, the researchers believe that the main purpose of this practice is to mislead users.

However, they also found evidence to the contrary. For example, the team found that 59 Apps used online services to automatically generate privacy policies. A more in-depth look at these online services revealed that these contradictory claims are part of the template itself, not what the application developer added.

However, most other privacy policies are unique to every application. In these cases, the application developers could face fines from EU and US privacy regulators, the team said. Contradictory statements could lead to mandatory fines for developers imposed by the EU FTC and dPA (Data Protection Authority).

The team also found that 10.5 percent of the 68,051 apps they analyzed shared personal data with third-party services, but they did not state it in their privacy policy. In addition, only 22.2% of the 68,051 applications explicitly designated third-party partners or affiliates in their Privacy Policies, and the vast majority of applications hide third-party partners or affiliates that ultimately obtain user data.

14% of Android apps have contradictory privacy policies and data collection practices

14% of Android apps have contradictory privacy policies and data collection practices