Google's reluctance to add privacy labels to Gmail, other apps might put users at risk [u]...

Posted:
in iOS edited February 2021
Google has taken so long to update its popular Gmail app for iOS that a new in-app warning informs users that the title is "out of date" and does not include the latest security features.

Gmail Warning


The search giant in early January said it would update its entire iOS app suite with new Apple-mandated privacy "nutrition" labels, but many titles under the company's umbrella have yet to be revised.

As noted by MacRumors, Gmail is now warning users that the app does not include built-in safeguards and cautions against its use. The app was last updated more than two months ago on Dec. 1.

"You should update this app. The version you're using doesn't include the latest security features to keep you protected. Only continue if you understand this," the pop-up reads.

The alert appears upon initial setup or when adding a new account, and users who are already signed in will not see the message.

Google's delayed action is thought to be in response to Apple's new privacy label feature that rolled out in December. Dubbed privacy "nutrition labels," the program is designed to supply users with new levels of app transparency by requiring developers to provide insight into how their apps leverage user data.

For example, developers must divulge what data is being collected by either itself or a third party, and how that information might be used. Similar to past App Store policies, apps are allowed to remain on the storefront without publishing the privacy labels, though the new rules will be enforced when updates are submitted.

Previous reports suggested Google would delay rollout of future updates to avoid exposure of its data collection strategies, but the search giant denied those allegations. A spokesperson for the company in January said it is not fighting Apple's policy and plans to publish updates with privacy labels "soon."

While Google has added the required information to some of its apps, like YouTube, others including Gmail, Google Photos and Google Maps have been left untouched for months.

Update: Google appears to have updated its Gmail backend to remove the warning as it no longer appears when configuring a new account.
«1

Comments

  • Reply 1 of 23
    badmonkbadmonk Posts: 1,316member
    I am sure GatorGuy will be around shortly to explain why this is not a concern.
    elijahglkruppwatto_cobra
  • Reply 2 of 23
    I’m confused, why is their own app issuing this warning? I don’t use it, but I assume that’s server-side generated web content rendered in the app?
    watto_cobra
  • Reply 3 of 23
    I’m confused, why is their own app issuing this warning? I don’t use it, but I assume that’s server-side generated web content rendered in the app?
    They probably don’t want users to know that they are compromising their privacy  - for instance, maybe scanning emails to feed you ads or selling your private data gleaned from emails to third parties. What else would make them delay updating this information? I use the app every day BTW but don’t have any personal information that would concern me if it was publically revealed! :smile: 
    watto_cobra
  • Reply 4 of 23
    crowleycrowley Posts: 10,453member
    I’m confused, why is their own app issuing this warning? I don’t use it, but I assume that’s server-side generated web content rendered in the app?
    I'd guess that some new feature has been implemented server side, and also checks whether the client supports it.  The Android app has likely been updated so that this message doesn't appear, but the iOS app is lagging for whatever reason.
  • Reply 5 of 23
    I honestly do not understand this story.  But I have no doubt better minds do. 

    So, what does responding to Google’s warning (and updating) actually do?!
    watto_cobra
  • Reply 6 of 23
    elijahgelijahg Posts: 2,781member
    I honestly do not understand this story.  But I have no doubt better minds do. 

    So, what does responding to Google’s warning (and updating) actually do?!
    You can't update, because there is no update. There is no update because Google doesn't want to reveal all its privacy violations in Apple's nutrition labels.
    Fidonet127
  • Reply 7 of 23
    elijahg said:
    I honestly do not understand this story.  But I have no doubt better minds do. 

    So, what does responding to Google’s warning (and updating) actually do?!
    You can't update, because there is no update. There is no update because Google doesn't want to reveal all its privacy violations in Apple's nutrition labels.
    What's a 'nutrition label' in this context? Is that a widely understood and commonly accepted term? What exactly does it say/do?
    watto_cobra
  • Reply 8 of 23
    elijahgelijahg Posts: 2,781member
    elijahg said:
    I honestly do not understand this story.  But I have no doubt better minds do. 

    So, what does responding to Google’s warning (and updating) actually do?!
    You can't update, because there is no update. There is no update because Google doesn't want to reveal all its privacy violations in Apple's nutrition labels.
    What's a 'nutrition label' in this context? Is that a widely understood and commonly accepted term? What exactly does it say/do?
    It's becoming a metaphor for Apple's iOS app privacy labels. Shows what data an app collects.
    anantksundaram
  • Reply 9 of 23
  • Reply 10 of 23
    elijahg said:
    I honestly do not understand this story.  But I have no doubt better minds do. 

    So, what does responding to Google’s warning (and updating) actually do?!
    You can't update, because there is no update. There is no update because Google doesn't want to reveal all its privacy violations in Apple's nutrition labels.
    Exactly. Also the speed they rectified the Out of Date message just shows they could have done the same with the privacy labels… if they really wanted to. Obviously they don’t, as you say, because they don’t want to reveal the extent of the data collection.
    elijahgwatto_cobra
  • Reply 11 of 23
    gatorguygatorguy Posts: 24,350member
    Dougie.S said:
    elijahg said:
    I honestly do not understand this story.  But I have no doubt better minds do. 

    So, what does responding to Google’s warning (and updating) actually do?!
    You can't update, because there is no update. There is no update because Google doesn't want to reveal all its privacy violations in Apple's nutrition labels.
    Exactly. Also the speed they rectified the Out of Date message just shows they could have done the same with the privacy labels… if they really wanted to. Obviously they don’t, as you say, because they don’t want to reveal the extent of the data collection.
    I don't see a GMail update for iOS yet, but if you update YouTube there is a Privacy Nutrition label:

     

    App Privacy

    The developer, Google LLC, indicated that the app’s privacy practices may include handling of data as described below. This information has not been verified by Apple. For more information, see the developer's privacy policy.

    To help you better understand the developer's responses, see Privacy Definitions and Examples.

    Privacy practices may vary, for example, based on the features you use or your age. Learn More

    Data Used to Track You

    The following data may be used to track you across apps and websites owned by other companies:

    Contact Info
    • Physical Address
    • Email Address
    • Phone Number
    Identifiers
    • User ID
    • Device ID

    Data Linked to You

    The following data, which may be collected and linked to your identity, may be used for the following purposes:

    Third-Party Advertising

    Location
    • Coarse Location
    Contact Info
    • Physical Address
    • Email Address
    • Name
    • Phone Number
    Search History
    • Search History
    Browsing History
    • Browsing History
    Identifiers
    • User ID
    • Device ID
    Usage Data
    • Product Interaction
    • Advertising Data

    Developer’s Advertising or Marketing

    Purchases
    • Purchase History
    Location
    • Coarse Location
    Contact Info
    • Physical Address
    • Email Address
    • Name
    • Phone Number
    Search History
    • Search History
    Browsing History
    • Browsing History
    Identifiers
    • User ID
    • Device ID
    Usage Data
    • Product Interaction
    • Advertising Data

    Analytics

    Purchases
    • Purchase History
    Location
    • Coarse Location
    Contact Info
    • Email Address
    User Content
    • Audio Data
    • Customer Support
    • Other User Content
    Search History
    • Search History
    Identifiers
    • User ID
    • Device ID
    Usage Data
    • Product Interaction
    • Advertising Data
    • Other Usage Data
    Diagnostics
    • Crash Data
    • Performance Data
    • Other Diagnostic Data
    Other Data
    • Other Data Types

    Product Personalization

    Purchases
    • Purchase History
    Location
    • Precise Location
    • Coarse Location
    Contact Info
    • Email Address
    Contacts
    • Contacts
    User Content
    • Audio Data
    • Other User Content
    Search History
    • Search History
    Browsing History
    • Browsing History
    Identifiers
    • User ID
    • Device ID
    Usage Data
    • Product Interaction
    • Advertising Data
    • Other Usage Data
    Other Data
    • Other Data Types

    App Functionality

    Purchases
    • Purchase History
    Location
    • Precise Location
    • Coarse Location
    Contact Info
    • Email Address
    • Name
    • Phone Number
    Contacts
    • Contacts
    User Content
    • Photos or Videos
    • Audio Data
    • Gameplay Content
    • Customer Support
    • Other User Content
    Search History
    • Search History
    Identifiers
    • User ID
    • Device ID
    Usage Data
    • Product Interaction
    • Advertising Data
    • Other Usage Data
    Diagnostics
    • Crash Data
    • Performance Data
    • Other Diagnostic Data
    Other Data
    • Other Data Types

    Other Purposes

    Purchases
    • Purchase History
    Location
    • Coarse Location
    Browsing History
    • Browsing History
    Identifiers
    • User ID
    applguyn2itivguy
  • Reply 12 of 23
    Isn’t changing the server side security warning like putting black tape over your lit check engine light?  Meanwhile, we have the North Dakota Senate is considering requiring apps to be loaded from any App Store.  Do you think other App Stores would be as concerned about privacy?
    watto_cobra
  • Reply 13 of 23
    bluefire1bluefire1 Posts: 1,304member
    That’s one of a number of reasons that Gmail is my third choice.
    edited February 2021 watto_cobra
  • Reply 14 of 23
    gatorguygatorguy Posts: 24,350member
    bulk001 said:
    I’m confused, why is their own app issuing this warning? I don’t use it, but I assume that’s server-side generated web content rendered in the app?
    They probably don’t want users to know that they are compromising their privacy  - for instance, maybe scanning emails to feed you ads or selling your private data gleaned from emails to third parties. What else would make them delay updating this information? I use the app every day BTW but don’t have any personal information that would concern me if it was publically revealed! :smile: 
    They don't scan emails for ad monetization as they've very specifically and unequivocally said they do not (any longer). They also do not sell private information as they've just as unequivocally said they do not, nor have they ever. Is there some data, even if "anonymized" and not tied to a specific user, being gathered? I'd say it's almost certain they do. Analytics for example may be disconnected from an identifiable account but would still require a declaration in the nutrition label. 
  • Reply 15 of 23
    bluefire1 said:
    That’s one of a number of reasons that Gmail is my third choice.
    What is your 1st and 2nd choice?

    I am thinking to switch to other email companies for years.
  • Reply 16 of 23
    flydogflydog Posts: 1,129member
    I honestly do not understand this story.  But I have no doubt better minds do. 

    So, what does responding to Google’s warning (and updating) actually do?!

    That's because the "story" is a non-story.

    The app that was released months ago has no way of knowing of any "security risks," and the warning was likely triggered by the passage of time or a misconfiguration on Google's back end that notified the app that there was a newer version available. In other words, it is a case of automation gone wrong, which Google has since corrected.

    Claiming tha the app puts "users at risk" based on the known facts is irresponsible.




    gatorguymuthuk_vanalingam
  • Reply 17 of 23
    flydogflydog Posts: 1,129member

    j2fusion said:
    Isn’t changing the server side security warning like putting black tape over your lit check engine light?  Meanwhile, we have the North Dakota Senate is considering requiring apps to be loaded from any App Store.  Do you think other App Stores would be as concerned about privacy?
    Depends on why the check engine light is on. 
  • Reply 18 of 23
    chasmchasm Posts: 3,378member
    gatorguy said:
    They don't scan emails for ad monetization as they've very specifically and unequivocally said they do not (any longer). They also do not sell private information as they've just as unequivocally said they do not, nor have they ever. Is there some data, even if "anonymized" and not tied to a specific user, being gathered? I'd say it's almost certain they do. Analytics for example may be disconnected from an identifiable account but would still require a declaration in the nutrition label. 
    I find it amusing that you posted the YouTube (owned by Google) privacy label while still claiming, and I quote, "they do not sell private information" -- I await your mansplaining on how my name, email, physical address, current location, device ID, contacts, search history, browsing history, and much more are not "private" information (reminder, these all come from the "Third Party Advertising" section of the privacy label).

    To be sure there is some obvious stuff in there that of course Google gets and/or sells and that users should have always known was being collected, from my YouTube user name to my general location to benign diagnostic data -- but I doubt most users understand either exactly how much personal data is being collected (and please stop with the BS about Google not selling this, not only is it made explicit in the label above, it is their entire business model), and more importantly how it is put together into a collective profile that I think most people would find more invasive than what they thought they signed up for.

    That's why these privacy labels are great, and also why Google is so hesitant to comply with some of their other products perceived as more "personal" (like Gmail, Google Photos, etc).
    watto_cobra
  • Reply 19 of 23
    gatorguy said:
    I don't see a GMail update for iOS yet, but if you update YouTube there is a Privacy Nutrition label:
    Are you sure that this applies to YouTube on iOS? I just deleted and re-downloaded the YouTube App, and I did not see any 'nutrition labels' when it launched. How do you make it appear?
    watto_cobra
  • Reply 20 of 23
    spock1234 said:
    gatorguy said:
    I don't see a GMail update for iOS yet, but if you update YouTube there is a Privacy Nutrition label:
    Are you sure that this applies to YouTube on iOS? I just deleted and re-downloaded the YouTube App, and I did not see any 'nutrition labels' when it launched. How do you make it appear?
    Nutrition labels, or app privacy labels, are visible (for many apps) on the app store, not when you launch the app. Some apps don't have them yet, but I think Apple forces them on any apps that get updated. Some apps may never be updated just so they don't have to add these labels.
    watto_cobra
Sign In or Register to comment.