How to present App Privacy information?

There have been many attempts at summarising app privacy in a meaningful way for app users, all of which have endured some form of heavy criticism for efficacy. I’m thinking of Apple’s App Privacy Labels, Google’s App Data Safety, F-Droid’s Anti-Features and Permissions sections, Aurora Store’s Exodus integration, etc. What do you think a collection of meaningful assessments of app privacy would look like?

  • At the very beginning of whatever format this takes you probably want to give an overview of all the data that is processed by the app, including what is and is not encrypted. Also good to include things like whether an account/payment is needed for the software or service, and whether they provide an app signed by themselves on a store that doesn’t require an account or they have opted in to, e.g., Play App Signing, F-Droid’s distribution process without reproducible builds, etc.
  • Next a split of all the dangerous permissions required by the app, high-level revocable/optional permissions the app declares and needs (and what they are required for), high-level mandatory permissions the app declares and needs (and what they are required for) and the option to further view low-level permissions or permissions unrelated to privacy.
  • Some kind of evaluation of the privacy policy provided by the app developer that summarises how (and by whom) the data mentioned above is processed, stored and/or shared, as well as any third-party infrastructure providers. Privacy Guides also used to have a ‘questions to ask service/software providers’ which may be of use here if modified.
  • Option to view a report generated by software like App Manager, Pithus as mentioned by ignoramous, or even F-Droid Suss as mentioned by SkewedZeppelin, to use in enquiring further.

The above, I think, would serve as a decent start for surfacing the most important information first. Thoughts on changes, improvements and/or things to add?
