​All tech giants fail on security disclosure, but Microsoft and Google do best

A new report ranking of a dozen tech giants finds that all of them could do better at explaining how user data is secured.

The new index from Ranking Digital Rights highlights shortcomings in the way all tech firms disclose polices that describe users’ protections for privacy and freedom of expression.

The only companies to scored more than 60 percent in the index we're Google and Microsoft. Apple surprisingly ranked seventh of 12 internet and mobile companies, due mostly to scant descriptions of commitments to user rights through corporate governance. Samsung meanwhile ranked ninth.

The report, which calls Apple, Google, and Samsung as “gatekeepers for privacy and security”, notes that all three require apps to have a privacy policy if they collect user information, but none publicly commit to checking whether these privacy policies offer adequate protections for users.

And while Android device makers mostly fail to deliver security updates to users, the report notes that Google was the only company that states how long its device models are guaranteed to receive software updates. Google had the best disclosures regarding Android policies for user’s freedom of expression and privacy, according to the report.

“Apple and Samsung did not provide such information, making it difficult for users to evaluate for how long their devices will be safe to use,” the report notes.

Google also ranked highest in a comparison of how companies disclose details about government and private requests to restrict content and accounts.

The index also includes whether companies have a real name policy and whether or not firms allow users to sign up without government-issued identification, which may pose a risk to users living under an authoritarian regime. Among mobile and internet firms, Microsoft and Twitter scored 100 points, followed by Google’s 83 points, mail.ru's 67 points. Apple, Facebook and Kakao each scored 50 points, while Yahoo scored 33. Companies lost points, for example, for requiring a phone number when creating an account.

All tech firms fell short on how they disclose information about how users can control information collected about them, though Microsoft and Twitter had the most detailed descriptions.

Google topped the field in a comparison of security policies and what is disclosed within them. The report compares how each firm educates users about potential security threats, information about what users can to ensure their accounts are secure, how companies go about overseeing user security, encryption, how security vulnerabilities are addressed, and data breaches.

“Companies communicate less about what they are doing to protect users’ security than they do about what users should do to protect themselves,” the report notes.

Google’s high score here was due to its clearer disclosures about its encryption policies followed by Apple, despite the Cupertino companies public battle with the US government over encryption.

One criticism of Google though was it doesn’t offer end-to-end encryption for Gmail, while Apple was criticized for not saying whether iMessage chats are encrypted with unique keys.

Tags ApplesamsungGoogle securityMicrosoft securitytech giants

Show Comments