The apps targeted at children, were downloaded 750,000 times, on an average. The study found thousands of kid-targeted apps were collecting data from the device, some including GPS location and personal information
Amidst the Facebook-Cambridge Analytica furore, a team of researchers from the US-based International Computer Science Institute have flagged concerns of a possible violation of data protection laws for children, by thousands of popular and free children's apps on Android.
Seven researchers analysed nearly 6,000 apps for children and found that majority of them on Google Play Store are tracking data on kids in violation of the Children's Online Privacy Protection Act, or COPPA, which regulates data collection from users who are under 13 years old.
The apps targeted at children, were downloaded 750,000 times, on an average. The study found thousands of kid-targeted apps were collecting data from the device, some including GPS location and personal information.
Concerns regarding data privacy have come into sharp focus after Cambridge Analytica was found to have used millions of user data sourced from Facebook and other apps using Facebook login. It triggered a chain reaction where lawmakers, as well as the population at large, started scrutinising how tech companies are collecting and using information on them. Incidentally, concerns of COPPA violation were also flagged against YouTube earlier this month, which is owned by Google.
Children's apps typically have different standards of tracking data. The law requires explicit parental consent. The study found that many of these apps targeted to kids were in violation of that.
According to the study, 28% of the apps reviewed accessed sensitive data protected by Android permissions. “We also observed that 73% of the tested applications transmitted sensitive data over the internet,” the study found.
The study goes on to say that of the 5,855 apps tested, 256 or 4.4% collected geolocation data, 107 shared the device owner’s email address, and 10 shared phone numbers also.
Geolocation data not only reveals where individuals live, but can also help infer socioeconomic scenarios, everyday habits, and health conditions, among others.
“One particularly egregious example is app developer TinyLab. We observed that 81 of their 82 apps that we tested shared GPS coordinates with advertisers,” the researchers stated in the report.
Around 4.8% of the apps studied were in clear violation of sharing location or contact information without consent, while 18% shared identifiers for target advertising. The study also found that 40% of these apps shared personal information without proper security protocols, and 39% disregarded contractual obligations aimed at protecting children’s privacy.
“One observation generated from our analysis was that 37 apps—all developed by BabyBus, a company specialising in games for young children—did not access the location of the device through the standard Android permissions system. Yet, we observed them transmitting hardware and network configuration details to a Chinese analytics company called TalkingData,” the report said. Some of the apps named in the report include KidzInMind, TabTale’s “Pop Girls–High School Band,” and Fun Kid Racing.
The Federal Trade Commission of US had warned BabyBus in 2014, for potential collection of geolocation data. In 2016, the ad network InMobi was fined USD 1 million for gathering the location of users – including children – without proper consent.
Google, in 2014, had allowed its users to reset their Android Advertising ID, which gave them better control on how online services track their data. Developers are required to only use that ID as a way to track data on users. The study, however claims, that two-thirds of children's apps don't allow people to reset that data.Even though Google has taken steps to enforce COPPA compliance, the researchers say they have found lack of enforcement.