Following Facebook’s Cambridge Analytica scandal, tech companies are putting a renewed focus on user privacy. But a new study suggests that thousands of apps in the Google Play store are potentially violating US laws by collecting an excessive amount of data from kids.
A team of university researchers and scientists using an “automatic evaluation of the privacy behaviors of Android apps,” diagnosed 5855 apps in the Play Store that are designed for families and children. 28 percent of these “accessed sensitive data protected by Android permissions,” 73 percent of the applications “transmitted sensitive data over the internet,” and 40 percent shared personal information without applying reasonable security measures.
Around 57 percent of the tested apps could be violating the Children’s Online Privacy Protection Act (COPPA), which restricts data collection for children under 13.
Some of the worst offenders were the 281 apps that collected contact or geolocation data without asking for a parent's permission. There were also 1100 apps that shared persistent identifying info with third parties for restricted purposes such as ad targeting. Additionally, 39 percent of all those tested showed “ignorance or disregard for contractual obligations aimed at protecting children’s privacy.”
“While accessing a sensitive resource or sharing it over the internet does not necessarily mean that an app is in violation of Coppa, none of these apps attained veriﬁable parental consent: if the [automated testing] was able to trigger the functionality, then a child would as well,” explained the researchers.
As noted by Engadget, with over 2700 apps arriving on Google Play’s store every day, manually reviewing each one is an impossible task, though some developers may not realize they are potentially violating COPPA rules. It’s possible that the automated tool used in the study could help analyze the app submissions.