A study criticizes the privacy labels on top Android apps


What is the Best Way for Popular Android and iOS Apps to Scam Users? An Analysis of Mozilla Foundation Detection of 40 Million User Misleading Apps on Google Play

Popular apps can provide false or misleading information about how user data is shared. The study, conducted by the Mozilla Foundation, examined 40 of the most globally downloaded Android apps on the Google Play Store and found that almost 80 percent had discrepancies between their privacy policies and the information listed in Google Play’s data safety section.

Google says that the Android apps Meta identified have all been taken down from Google Play and that the company had independently caught and removed many of them throughout the year before Meta’s disclosures.

Both companies face the same challenges as they struggle to police their official app stores. As a result of Android’s open ecosystem, users can download apps from third-party app stores that are outside of Google’s control. It is more problematic when malicious apps show up in Play, but users have the freedom to source their apps if they are comfortable with the developer. The closed iOS ecosystem faces far fewer threats from rogue apps outside the App Store, but as a result all users must get their apps from Apple, which makes it even more valuable for attackers to sneak their malicious apps in.

Apple has also been criticized for its own developer-submitted privacy labels, with a 2021 report from The Washington Post finding that many iOS apps similarly provided misleading information, with some of the apps falsely reporting that they didn’t collect, share, or track user data.