Landscape of Privacy Labels and their Consistency with Privacy Policy

Abstract

Privacy nutrition labels provide a way to understand an app’s key data practices without reading long and hard-to-read privacy policies. Recently, the app distribution platforms for iOS (Apple) and Android (Google) have implemented mandates requiring app developers to fill out privacy nutrition labels highlighting their privacy practices, such as data collection, data sharing and security practices. These privacy labels contain very fine-grained information about the apps’ data practices, such as the data types and the purposes associated with each data type. This provides us with a unique vantage point from which we can understand apps’ data practices at scale. In this work, we first discuss the similarities and differences between the iOS privacy label and the Android privacy label. Then we extract the privacy nutrition labels for iOS (n=1.4M) and Android (n=2.56M) and analyze them to learn how app developers collect and use sensitive resources. We find that popular apps (>1M installs) have consistently better privacy practices than the not-so-popular apps. Further, we perform automated content analysis of these apps’ privacy policies and investigate how the apps’ privacy policies compare with their privacy nutrition labels. We find that 80% of the apps have at least one discrepancy between their privacy policy and their nutrition labels.

Publication
arXiv Preprint