Thousands of Mobile Apps for Children Might be Violating Their Privacy

Typography

Thousands of the most popular apps and games available, mostly free of charge, in the Google Play Store, make potentially illegal tracking of children's use habits, according to a large-scale international study co-authored by Narseo Vallina-Rodriguez, a researcher at the IMDEA Networks Institute in Madrid and ICSI, the International Computer Science Institute at the University of California, Berkeley (USA).

Thousands of the most popular apps and games available, mostly free of charge, in the Google Play Store, make potentially illegal tracking of children's use habits, according to a large-scale international study co-authored by Narseo Vallina-Rodriguez, a researcher at the IMDEA Networks Institute in Madrid and ICSI, the International Computer Science Institute at the University of California, Berkeley (USA).

An international group of seven researchers analyzed 5,855 apps for children and found that 57% may be violating the US Children's Online Privacy Protection Act (COPPA). Thousands of apps collect and share with third parties personal data of under 13s without parental consent. The services collecting this information, such as those devoted to online advertising and user monitoring, are for the most part designed to share data with third parties, according to this study.

The researchers found that 28% of these apps accessed confidential data protected by Android permissions and that 73% of the apps transmitted confidential data over the Internet. Among the apps analyzed, 4.8% presented "clear violations when apps share location or contact information without consent", 40% shared personal information without applying reasonable security measures, 18% shared persistent identifiers (such as a mobile phone’s IMEI) with services or business partners for prohibited purposes, for example ad targeting, and 39% "do not seem to take sufficient measures to protect the privacy of children", according to Vallina-Rodriguez

“While accessing a sensitive resource or sharing it over the internet does not necessarily mean that an app is in violation of COPPA, none of these apps attained verifiable parental consent: if the [automated testing we performed] was able to trigger the functionality, then a child would as well,” the researchers wrote.

Read more at IMDEA Networks Institute

Image: Thousands of mobile apps for children might be violating their privacy. (Credit: © IMDEA Networks Institute)