More than 3,300 Android apps are improperly tracking kids, study finds

April 18, 2018 by Fiza Pirani, The Atlanta Journal-Constitution

Thousands of family-friendly apps from the Google Play Store are potentially violating federal law, according to a new large-scale study from North American and European universities and organizations.

The research, recently published in the journal Proceedings on Privacy Enhancing Technologies, showed that 3,337 Android apps on Google Play were improperly collecting children's data and potentially violating the United States Children's Online Privacy Protection Act (COPPA), which limits data collection for kids under age 13.

COPPA gives parents control of any online entity that collects personally identifiable information (PII) from kids. Collecting PII from children under age 13 without explicit parental permission is illegal.

"We identified several concerning violations and trends," study researchers from the International Computer Science Institute at the University of California, Berkeley, said. "Overall, roughly 57 percent of the 5,855 child-directed apps that we analyzed are potentially violating Coppa."

Using an automated analysis tool to examine app on more than 80,000 apps between November 2016 and March 2018, the researchers determined when private data was accessed and where the data was then sent.

They narrowed it down to 5,855 child-directed apps. These were in 63 different Play Store categories, with 60 percent in the Casual Games, Brain Games, and Educational Games categories.

They found that only a small number (4.8 percent) of the apps had "clear violations when apps share location or contact information without consent."

But 40 percent shared personal data without reasonable security measures and 18 percent shared individual identifiers with parties for unlawful purposes, such as ad targeting.

Thirty-nine percent, the team found, displayed "ignorance or disregard for contractual obligations aimed at protecting children's privacy."

With Google's Designed for Families initiative, the company had taken steps to enforce COPPA compliance, but the researchers said, "as our results show, there appears to not be any (or only limited) enforcement.

"The researchers are adamant that they're not showing 'definitive legal liability,'" Engadget reported. "These apps may be running afoul of the law, but it's up to regulators at the FTC to decide if they are."

Read the full study at petsymposium.org .

Explore further: Mobile app behavior often appears at odds with privacy policies

More information: Irwin Reyes, Primal Wijesekera, Joel Reardon, Amit Elazari Bar On, Abbas Razaghpanah, Narseo Vallina-Rodriguez, Serge Egelman (July 2018)
"Won't Somebody Think of the Children?" Examining COPPA Compliance at Scale [PDF]
In: The 18th Privacy Enhancing Technologies Symposium (PETS 2018), 24–27 July 2018, Barcelona, Spain.

22 shares

Related Stories

Health apps and the sharing of information with third parties

March 8, 2016

In a study appearing in the March 8 issue of JAMA, Sarah R. Blenner, J.D., M.P.H., of the Illinois Institute of Technology Chicago-Kent College of Law, Chicago, and colleagues examined the privacy policies of Android diabetes ...

Apps to keep children safe online may be counterproductive

April 3, 2018

Mobile apps designed to help parents keep their children safe from online predators may actually be counterproductive, harming the trust between a parent and child and reducing the child's ability to respond to online threats, ...

Recommended for you

Team breaks world record for fast, accurate AI training

November 7, 2018

Researchers at Hong Kong Baptist University (HKBU) have partnered with a team from Tencent Machine Learning to create a new technique for training artificial intelligence (AI) machines faster than ever before while maintaining ...

0 comments

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.