Thousands of family-friendly apps from the Google Play Store are potentially violating federal law, according to a new large-scale study from North American and European universities and organizations.
The research, recently published in the journal Proceedings on Privacy Enhancing Technologies, showed that 3,337 Android apps on Google Play were improperly collecting children's data and potentially violating the United States Children's Online Privacy Protection Act (COPPA), which limits data collection for kids under age 13.
COPPA gives parents control of any online entity that collects personally identifiable information (PII) from kids. Collecting PII from children under age 13 without explicit parental permission is illegal.
"We identified several concerning violations and trends," study researchers from the International Computer Science Institute at the University of California, Berkeley, said. "Overall, roughly 57 percent of the 5,855 child-directed apps that we analyzed are potentially violating Coppa."
Using an automated analysis tool to examine app privacy on more than 80,000 apps between November 2016 and March 2018, the researchers determined when private data was accessed and where the data was then sent.
They narrowed it down to 5,855 child-directed apps. These were in 63 different Play Store categories, with 60 percent in the Casual Games, Brain Games, and Educational Games categories.
They found that only a small number (4.8 percent) of the apps had "clear violations when apps share location or contact information without consent."
But 40 percent shared personal data without reasonable security measures and 18 percent shared individual identifiers with parties for unlawful purposes, such as ad targeting.
Thirty-nine percent, the team found, displayed "ignorance or disregard for contractual obligations aimed at protecting children's privacy."
With Google's Designed for Families initiative, the company had taken steps to enforce COPPA compliance, but the researchers said, "as our results show, there appears to not be any (or only limited) enforcement.
"The researchers are adamant that they're not showing 'definitive legal liability,'" Engadget reported. "These apps may be running afoul of the law, but it's up to regulators at the FTC to decide if they are."
Read the full study at petsymposium.org .
Explore further: Mobile app behavior often appears at odds with privacy policies
Irwin Reyes, Primal Wijesekera, Joel Reardon, Amit Elazari Bar On, Abbas Razaghpanah, Narseo Vallina-Rodriguez, Serge Egelman (July 2018)
"Won't Somebody Think of the Children?" Examining COPPA Compliance at Scale [PDF]
In: The 18th Privacy Enhancing Technologies Symposium (PETS 2018), 24–27 July 2018, Barcelona, Spain.