Thousands of Android apps are allegedly tracking the online activity of children in ways that violate US privacy laws, according to a recent study published by researchers from the International Computer Science Institute. The troubling aspect is that most of these apps and games are available on the Play Store
The study, titled “Won’t Somebody Think of the Children? Examining COPPA Compliance at Scale”, highlights that a number of ‘child friendly’ apps on the Play Store collect data in violation of the Children’s Online Privacy Protection Act (COPPA) which limits data collection on children under 13. The authors wrote:
“We identified several concerning violations and trends: clear violations when apps share location or contact information without consent (4.8%), sharing of personal information without applying reasonable security measures (40.0%), potential noncompliance by sharing persistent identifiers with third parties for prohibited purposes (18.8%), and ignorance or disregard for contractual obligations aimed at protecting children’s privacy (39.0%). Overall, roughly 57% of the 5,855 child-directed apps that we analyzed are potentially violating COPPA.”
Out of the 5,855 apps included in the study, 281 collected contact or location data without asking for a parent’s permission, which raises a red flag for any app targeted at children. Additionally, 1,100 of the apps shared persistent identifying information with third parties for restricted purposes and 2,281 apps violated Google’s terms of service which forbids apps from sharing identifiers to the same destination as the Android Advertising ID.
On top of that, 40 percent of the apps transmitted the collected information without using “reasonable security measures”, and 92 percent of the 1,280 aps with Facebook integration weren’t properly using Facebook’s code flags to limit under-13 use. It’s worth noting that the researchers used an automated tool to analyze the apps and claim that they’re not showing “definitive legal liability” through the study. The researchers further add that the apps in question may be in violation of COPPA and the onus now falls onto the regulators to decide whether they violate any child-focused privacy law.