Thousands of the most popular apps and games available, mostly free of charge, in the Google Play Store, make potentially illegal tracking of children’s use habits, according to a large-scale international study co-authored by Narseo Vallina-Rodriguez, a researcher at the IMDEA Networks Institute in Madrid and ICSI, the International Computer Science Institute at the University of California, Berkeley (USA).
An international group of seven researchers analyzed 5,855 apps for children and found that 57% may be violating the US Children’s Online Privacy Protection Act (COPPA). Thousands of apps collect and share with third parties personal data of under 13s without parental consent. The services collecting this information, such as those devoted to online advertising and user monitoring, are for the most part designed to share data with third parties, according to this study.
The researchers found that 28% of these apps accessed confidential data protected by Android permissions and that 73% of the apps transmitted confidential data over the Internet. Among the apps analyzed, 4.8% presented “clear violations when apps share location or contact information without consent”, 40% shared personal information without applying reasonable security measures, 18% shared persistent identifiers (such as a mobile phone’s IMEI) with services or business partners for prohibited purposes, for example ad targeting, and 39% “do not seem to take sufficient measures to protect the privacy of children”, according to Vallina-Rodriguez
“While accessing a sensitive resource or sharing it over the internet does not necessarily mean that an app is in violation of COPPA, none of these apps attained veri?able parental consent: if the [automated testing we performed] was able to trigger the functionality, then a child would as well,” the researchers wrote.
In addition, many of these apps use services provided by third parties whose terms of service prohibit their use in apps targeted to minors. Therefore, the apps that embed the tracking software provided by these services may not only be infringing COPPA, but also the legal terms by which those services are governed. An example of such third parties, among the many that the study mentions, is the Crashlytics service owned by Alphabet (Google’s multinational parent company).
Each of the apps studied was installed, on average, more than 750,000 times, which means that they may be potentially in use by millions of devices on a global scale. Among the apps analyzed are some very popular games like Disney’s ‘Where’s My Water?’ and Gameloft’s ‘Minion Rush’, as well as ‘Duolingo’, a language learning app. Disney, Gameloft and Google have said in statements made to international media in response to this study that the protection of children’s rights is of great importance to them and they have committed themselves to investigate further.
Silicon Valley giants in the spotlight
These findings come to light at a time when Facebook, another Silicon Valley giant with crucial interest in the digital advertising business, is on the radar of international data protection agencies for the illegal filtering of information from 87 million Americans to Cambridge Analytica.
Critics of Google, Facebook and other stakeholders that dominate the digital-apps world say they have profited greatly from advances in data-tracking technology to promote their business purposes, even as regulators have failed to keep up with the resulting privacy intrusions. The law exists in the US and at the end of May the European Union will put into operation the new GDPR legislation for the regulation of privacy on the Internet. This Pan-European law is aimed at tackling and controlling the fraudulent and transnational use of the vast amount of personal data that flows through the network, a marketplace in vogue to buy and sell data, which is unknown to the consumer despite being its flagship product.
Nevertheless, according to Vallina-Rodriguez, “to date, regulatory attempts seem to have had little effect in curbing these practices. There are still countless examples of games and apps for children who use third-party services that collect tracking data without parental consent. For example, Google’s Designated for Families (DFF) program requires developers of children’s apps to comply with COPPA but, as our results show, there appears to not be any (or only limited) application of the law since it is not enforced”. In addition, the analysis performed of apps certified as “safe” by the US Federal Trade Commission’s (FTC) Safe Harbor program did not yield better results. Most were still violating COPPA, despite the certification obtained.
The results of this study aggravate the burning concern about the lack of transparency of the companies to which, every day, adults and minors, parents and children, trust highly sensitive information. “Based on our data, it is not clear that industry self-regulation has resulted in higher privacy standards; some of our data suggest the opposite. Thus, industry self-regulation appears to be ineffective,” the researchers wrote. According to them, centralized regulatory and control efforts by the government are required since the violation of the rights of consumers is massive and prevalent.
Image source: © IMDEA Networks Institute
more recommended stories
Giving people a ‘digital identity’ could leave them vulnerable to discrimination
Researchers at University of Exeter raise.
Highlights from MGF 2019
Highlights and observations from Moscow Global.
Futures look bright in Skolkovo
How one area within Moscow is.
Keeping children safe in the ‘Internet of Things’ age
Children need protection when using programmable.
Parental behaviour affects the involvement of children in cyberbullying
Andalusian researchers demand the involvement of.
Brain training app improves users’ concentration, study shows
A new ‘brain training’ game designed.
Investment in AI is essential to modernise the education sector
Jayne Warburton, former Assistant Head Teacher.
Parents, kids spend more time discussing how to use mobile technology
Study found that parents spend more.
How “tech intensity” is the call from Microsoft
Microsoft CEO Satya Nadella calls for.
Advertising in kids’ apps more prevalent than parents may realise
Ninety-five percent of reviewed apps for.