Thousands of Android apps violate child privacy, says study

Just like with fake news, Facebook's actions, or inactions, are sending ripples throughout the tech industry. Data privacy has become a hot topic again and people are putting more and more services under a microscope. Just like YouTube, a new study from researchers affiliated with the International Computer Science Institute reports that thousands of Android apps could be in violation of the Children's Online Privacy Protection Act or COPPA. But unlike YouTube, there's still some uncertainty on who should be held legally accountable or if there's a clear violation at all.

Leaking private data is bad enough but things always take a more horrifying turn when children are involved. The researchers developed and used an automated tool to analyze 5,855 popular Android apps that were marketed or marked for being family-friendly. The results weren't flattering in any way.

- 5 percent of the apps included in the study collected users' location or contact data (such as phone number or email address) without first obtaining parental consent.

- 1,100 of the apps (19 percent of those studied) shared sensitive information with third-party services whose terms of service explicitly prohibited their use in children's apps, likely because they are engaged in behavioral advertising.

- 2,281 apps (39 percent of those studied) appeared to violate Google's terms of service regarding the sharing of persistent identifiers (which provide unique information that can be associated with an individual over time and across platforms, apps, or devices.)

- 40 percent of the apps in the study shared users' personal information via the internet without applying reasonable security measures.

- Of the 1,280 apps included in the study that integrated with Facebook, 92 percent did not correctly utilize the company's configuration options in order to protect users under 13.

But more than just those figures, the entire situation is worsened by the fact that the COPPA itself might not be strong or strict enough to pursue possible violations. The FTC interprets the COPPA very strictly and limit's the law's application to online services that are either directly targeted at users under 13 years old or have actual knowledge of having such users. Companies have found a grey area they might be able to evade such requirements and some app developers might not even care.

Case in point is Duolingo, the popular language learning service which the study lists as a violator. Duolingo explains that it is marketed at a general audience and therefore doesn't fall under the COPPA. And while it does send information to third-parties, it explains that the third-party is only used for bug fixing and app crashes.

As such, the study is really just an eye-opening example of the sad state of affairs in the app market. It doesn't necessarily lead to legal action, at least not under the current terms of the COPPA. The researchers' automated tool could at least be of interest to the likes of Google and Facebook who need such tools to screen the apps that go into their markets.

VIA: Education Week