Thousands of Android Apps Are Violating Child Privacy Laws

Posted on Apr 17, 2018 by Josiah Wilmoth

Thousands of Android apps are violating a law designed to protect the privacy of children using internet-connected devices, research from the International Computer Science Institute (ICSI) shows.

Writing in a newly-published study, a group of ICSI researchers found that most Android apps targeted at children under 13 likely violate the Children’s Online Privacy Protection Act (COPPA), one of the U.S.’s most stringent pieces of child privacy legislation.

“Based on our automated analysis of 5,855 of the most popular free children’s apps, we found that a majority are potentially in violation of COPPA, mainly due to their use of third-party SDKs,” the researchers wrote. “While many of these SDKs offer configuration options to respect COPPA by disabling tracking and behavioral advertising, our data suggest that a majority of apps either do not make use of these options or incorrectly propagate them across mediation SDKs.”

Researchers also noted that 92 percent of the 1,280 children’s apps that used the Facebook API “may be using it for COPPA-prohibited activities, which is perhaps not surprising given Facebook’s woeful track record on data privacy.

The researchers wrote that in many cases the COPPA violations were likely inadvertent, as certain third-party software development kits (SDKs) provide Android developers with the ability to disable tracking and behavioral advertising — which are prohibited under COPPA — but the apps did not have these configurations enabled

However, in other cases, developers may have knowingly violated COPPA, likely due to the fact that tracking users and selling their data is lucrative, whether the users are children or not.

“Worse, we observed that 19% of children’s apps collect identifiers or other personally identifiable information (PII) via SDKs whose terms of service outright prohibit their use in child-directed apps,” the study said.

Equally as alarming is that the study found that more than 200 of the Android apps examined in the study performed geolocation tracking on child users without requiring their parents to provide explicit opt-in consent.

This isn’t the first time that Google has faced allegations that its products are violating COPPA. Earlier this month, approximately two dozen child advocacy groups filed a Federal Trade Commission (FTC) complaint against YouTube, alleging that the video streaming giant allows advertisers to target ads at children in violation of COPPA.

Featured Image from Pixabay