Two weeks ago, a report from Fast Company highlighted that Google had suspiciously not updated the vast majority of its iOS apps since December 7, a day before Apple required developers to provide a privacy report for every app available on the App Store. Following that report, Google quickly fired back and said it would start updating its iOS apps with the privacy labels as soon as that same week, the week of January 4.
Two weeks later, Google still hasn’t updated the vast majority of its iOS applications with these privacy labels, including its popular apps such as Gmail and YouTube. Even if Google has no mal-intent, this scattershot approach is leaving users puzzled and concerned.
According to data collated by 9to5Mac, the first Google app with the new App Privacy label on the App Store is Google Authenticator. This is Google’s popular two-step verification app, and it was last updated on December 7.
Google Authenticator has a relatively short privacy label, with the company saying that location data, user content, identifiers, and diagnostics data may be linked to the user.
Google Translate has also been updated with the new privacy label on the App Store:
As of publication, these appear to be the only two Google apps updated with Privacy Labels so far, over a month after the requirement went into effect.
Interestingly, a few applications, such as Google Slides, have been updated since December 7 but still don’t show the App Privacy labels. The Google Slides app, for example, was updated on December 14, but Google has still not provided any details on its privacy practices to the App Store. The education app Socratic by Google was updated on December 15 and likewise does not show privacy details.
The original Fast Company report suggested that Google is avoiding updating its iOS applications because of the new requirement that all apps show these privacy labels. Apple began requiring developers to submit their new privacy information to the App Store in order to update their apps on December 8. The App Privacy labels themselves became visible to users on December 14, coinciding with the release of iOS 14.3.
Following the Fast Company report, Google issued a statement to TechCrunch, promising to begin rolling out App Privacy labels for its apps that week, the week of January 4, or the next week. Since then, Google has not made good on this promise and has not updated any additional apps with App Privacy labels since then.
Google also included a small tidbit about these privacy labels in a blog post last week, again saying that privacy labels are coming, but with no specific timeline:
As Google’s iOS apps are updated with new features or to fix bugs, you’ll see updates to our app page listings that include the new App Privacy Details. These labels represent the maximum categories of data that could be collected—meaning if you use every available feature and service in the app. The data you provide to Google products delivers helpful services to you, and you can always control your privacy settings by visiting your Google Account or going directly to the Google products you use on iOS.
Apple has said that there are several different pieces of important information that developers should remember while preparing the App Privacy “nutrition labels” for their applications:
- Developers should identify all possible data collections and uses, even if certain data will be collected and used only in limited situations.
- Developers’ answers should follow the App Store Review Guidelines and any applicable laws.
- Developers are responsible for keeping your responses accurate and up-to-date. If your practices change, update your responses in App Store Connect.
The point of this data is not to shame developers, but rather to give users more insight into how their data is being used. If a user visits the App Store and notices that certain applications collect more data than others, they can make more informed decisions about which apps to use.
There are a variety of reasons as to why Google could be avoiding adding these labels, and not all of them are malicious.
First, it’s usual for developers to take a break from updating applications throughout the holiday season, even big companies like Google. For instance, Chrome went from December 2019 to February 2020 without an update last year during the holiday break.
On the flip side, Apple announced that these “nutrition labels” for app privacy would be required back in November, so Google could have planned to have theirs ready in time and before the holidays.
Internally at Google, it’s likely that the task of adding the labels falls on each individual app team, with Google providing only general guidance. This could be part of the reason why Google Translate and Google Authenticator have added privacy labels, but not other apps.
Finally, you do have to wonder how Google’s single-account system will affect these labels. Virtually every Google application requires you to sign in with the same Google login, which has an impact on privacy practices and makes it easier for Google to link data from different applications together.
Again, my point is not to say that Google is being malicious in taking a scattered approach to rolling out the App Privacy labels. As more applications add the labels and the longer Google takes, the more suspicious users will get when they see the “no data provided” label on App Store listings for Google apps.
Apple is taking an industry-leading approach to keeping users aware of how their data is used. The App Privacy labels are only part of this approach, and Apple will roll out additional privacy controls related to cross-app tracking soon.
The optics of Google’s decision to take a slow and scattered approach to rolling out App Privacy labels are bad, even if Google’s intentions may not be. Ideally, the labels will come sooner rather than later for the sake of users knowing more about how their data is being used.
FTC: We use income earning auto affiliate links. More.