If an app says it only sends anonymized data for analytics, or something of the like, is there any way to verify if this is actually true in app? Is there any kind of "privacy policy certificate"?
With open source software, the recognized way is to have a 3rd party audit that looks for telemetry. Another way is with something like Pi-hole where you, yourself, analyze the traffic going over the wire. Other than that, no. You're left with trusting them.<p>Which brings up an important point about these "privacy agreements." They're all <i>one way</i> agreements, subject to amendment by the other party at any time. If you've used any SaaS service, you'll notice these policies get updated all the time, making them more like whims than policies. There is definitely no guarantee that the privacy you were promised today won't go away in a "we changed our policies!" update a few months from now.