A study conducted by researchers at the University of California and the Spanish IMDEA Institute has concluded that thousands of free Android apps have been invading children’s privacy without their parent’s consent.
According to the study 57% of Android apps for children were in contravention of America’s Children’s Online Privacy Protection Act (COPPA).
Among their findings
5% of these apps collected users’ contact and location data, including email addresses and phone numbers.
19% of the apps collected and shared sensitive data with third parties despite terms and conditions prohibiting this. These apps are aimed at a popular technique among advertisers called behavioural advertising. In which user behaviour is collated and used to present targeted adverts.
39% of tested apps worked against Google’s own terms of services by sharing persistent identifiers (PI).
40% of the apps were found to be collating and sending user data over the internet without using proper security measures making them vulnerable to hackers.
Based on our data, it is not clear that industry self-regulation has resulted in higher privacy standards, some of our date suggest the opposite. Thus, industry self-regulation appears to be ineffective.
These problems are rampant, and it's resulting in kids being exposed to targeted advertising and automatic profiling that could be illegal.
Parents are confronted with a near impossible task. Given the dominance of the Google App platform and the interest young children have in apps, it’s not practical for a parent to spend time trying to decipher the complex connections that drive the ad-supported App industry.- Serge Egelman: director of usable security & privacy research, University of California
Serge Egelman believes that there is a lack of will among all parties when it comes to protection for children online. He says that many app developers seem to be blasé when determining whether third party services are actually protecting children’s data.
And those third parties don’t appear to be checking whether they are receiving children’s data from the apps they integrate with.
And Egelman accuses the likes of Google and Facebook are not taking even the most basic steps to try to limit third parties collecting and sharing children’s data on their platforms.
Just last year Google was caught collecting location data of Android users even when they had turned off the location service. After being caught Google vowed never to do so again, which was nice.
And in January this year, the New York Times revealed that hundreds of Android gaming apps were tracking users’ TV viewing habits and then sharing it with third-party companies for targeted advertising.
Image: Brad Flickinger