What your Android phone’s new “data safety” labels mean

Android apps like phones like the Samsung Galaxy Z Flip3 (above) will soon disclose how they handle your data. (Washington Post illustration; iStock)

Can you ask an app to delete all the data it has on you?

It used to be that figuring out the exact answer required a decent amount of research, but Google is trying to make the things app makers do with our data a little easier to find.

The company says the Android apps you can download in the Google Play Store have started disclosing how they deal with our data from the kinds they collect to how it’s used, to the reasons it could be shared with third parties. And among other things, these new “data safety” sections require developers to tell people thinking about downloading their app if they can request that their data be deleted.

Thankfully, these kinds of data usage disclosures have become more common over the last few years. Google first announced its plans to push for greater data transparency inside the Play Store in May 2021, well after similar privacy-focused “nutrition labels” started making their way into Apple’s App Store. But even though Big Tech has made progress in unpacking the ways our apps try to understand us, privacy researchers aren’t convinced they’ve done enough so far.

“I have been advocating for privacy labels for 20 years,” said Lorrie Cranor, director of the CyLab Security & Privacy Institute at Carnegie Mellon University. “And I had hoped that we could do better.”

It’ll probably be a few weeks before most people start seeing these data safety labels, and longer still before they become impossible to miss. In the meantime, though, here’s what you should know about Google’s Android app data safety disclosures.

What do app makers have to tell me?

Quite a bit. Here’s a quick (and non-exhaustive) breakdown of what developers are required to disclose by July 20:

• Whether the apps collect any data.
• The types of data collected — think your name, email address, location and more — along with the reason they’re needed.
• Whether any of that data is shared with third parties.
• Whether any of the data that leaves your phone is encrypted in transit.
• Whether you can ask for your data to be deleted.
• Whether you can opt-out of data collection entirely.

App makers can also tell users whether their software has been independently validated for security or if it complies with Google’s more stringent design policies for families and children, but unlike everything listed above, these are purely optional.

Of the types of information Google has asked developers to unpack for would-be app users, Cranor said the company “does seem to be more holistic in talking about security and safety more generally, not just about privacy” the way Apple’s app labels do. Even so, she says she believes there are ways for data disclosures like these to be made even more readable by — and more useful to — non-techies.

“Most of us want privacy, but we don’t want to spend every waking moment thinking about privacy,” she said.

Her suggestions? A straightforward privacy score derived from information disclosed in the label could help people make more informed downloading decisions, as would a tool that allowed people to compare the privacy information of two apps side-by-side. “Not only do I want the app that has a lot of stars and good reviews, but the one that has better privacy,” she added.

When will I start seeing them?

In theory, you could see them right now — as long as you’re using a device that runs the Android 5.0 software or newer. (This probably won’t be an issue for you unless your Android phone is more than seven to eight years old.)

That said, it may still be a few weeks before you see these disclosures before you download a new app. Google had originally planned to make them mandatory by the end of last month but pushed that deadline to July 20 partly because app makers wanted more time to comply.

Even though the company said in its announcement that users would start seeing data safety breakdowns around the end of April, we haven’t found any ourselves yet. None of the top 40 free apps available for Android phones contained a data disclosure when we checked on May 4, nor did many of the popular apps Google made itself. (That includes YouTube, Google Photos, Gmail, Google Fit, the web browser Chrome, the keyboard app Gboard and more.)

As it turns out, we weren’t the only people who had trouble finding these data usage disclosures.

“Developers are filling out the forms. But I just looked this morning, and I asked all my students,” Cranor said when we spoke earlier this week. “Nobody has found any evidence of actual labels.” And so far, neither have any members of a wider group of privacy researchers and students at CMU she emailed after our conversation.

Google spokesperson Scott Westover suggested in an email that was just a quirk of the way the company is rolling out those disclosures to users and that our devices simply “may not be able to see the sections just yet.”

Do all app makers have to disclose this information?

Yes. Some of Google’s articles on the subject sometimes use wishy-washy language, but all Android apps must have a data safety section in their Play Store listing by the deadline.

If a person or company that built an app decides they don’t want to share that kind of information, they won’t be allowed to publish updated versions of their apps. Google’s Westover also says that data safety disclosures with “unresolved issues” could be removed from the Play Store entirely, as could apps that knowingly “contain false or misleading information.”

But that doesn’t mean every single Android app you’ll find in Google’s Play Store will proudly offer these data safety breakdowns. Older apps that haven’t been updated — perhaps because they’ve been abandoned, or because their creators think of them as complete works that don’t need updates — may continue to exist for a while without them. That lack of a data disclosure doesn’t necessarily mean you shouldn’t install those apps, though; just that you should be extra cautious while using them.

Is anyone checking to see if these disclosures are accurate?

That's the big question, and for good reason.

Shortly after Apple announced the launch of privacy labels in its own App Store, our personal tech columnist Geoffrey A. Fowler found instances of apps openly misrepresenting how much data they collected. The biggest offenders, which up to that point had eluded notice, were caught sending trackable bits of information to third parties such as Facebook and Google despite claiming that data was “not collected” at all.

Google spokesperson Westover said “only the developers possess all the information required” to accurately answer the questions these disclosures require, but he added that the company “runs a number of checks on an app’s data safety section” for the sake of accuracy. (That said, the company wouldn’t elaborate on the nature of those checks.)

That may well be true, but it’s very similar to what Apple said when we caught some apps failing to live up to their privacy promises.

For now, it’s hard to say whether developers are being as honest as they should be with these disclosures because so few apps actually even seem to have them. As these data breakdowns become more common, though, we’ll start digging through them ourselves to see which app makers are playing by the rules and which are being less than honest.