Over 3300 Android Apps on Google Play Store Are Improperly Tracking Kids

Gwen Vasquez
April 17, 2018

Worse, researchers point out that around a fifth of all the tested apps used an SDK that specifically prohibited developers from using its library in child-directed apps, due to the nature of its data collection.

The International Computer Science Institute published the study, titled 'Won't Somebody Think of the Children?' Examining COPPA Compliance at Scale, detailing that 3,337 applications could be breaking the US Children's Online Privacy Protection Act (COPPA) through illegally tracking the data of minors.

But recent research has identified thousands of apps on the Google Play Store that could be in violation of COPPA, all of which have been certified as COPPA-compliant by Google.

Further, the survey revealed that there were approximately 256 apps that collected sensitive geolocation data, 107 shared the device owner's email address and 10 of them shared phone numbers. But around children, who may not understand what a targeted ad is, it's a particular concern. "These techniques include not shipping the malicious functionality of an app until a second stage that is triggered by some behavior". However, it is not yet clear if double tapping on the Pill tab allows a user to switch between their last two opened apps, as it now functions on the Google's Pixel and Nexus devices. The method directly violates Google policy as well.

"One observation generated from our analysis was that 37 apps-all developed by BabyBus, a company specialising in games for young children-did not access the location of the device through the standard Android permissions system. Thus, industry self-regulation appears to be ineffective", the researchers wrote.

With thousands of Android apps added to the Google Play Store daily, it may be hard for Google to manually inspect all the apps to make sure that no laws are being broken.

More news: Second-Grader Attacks Students With Kitchen Knife

But that doesn't bail out Google in any way.

The researchers didn't look at the Apple app store, so the problem could be just as widespread there, too.

There are steep consequences for companies that violate COPPA - the Federal Trade Commission fined Yelp $450,000 for doing so in 2014. In 2017, the head of the Department of Health's National Data Guardian (NDG) criticised Google for sharing patient data.

Golin said: "It's also clear that self-regulation efforts - both Google's attempts to ensure Coppa compliance at the app store level and the Safe Harbor certification programme - are failing families".

"Google has basically looked the other way while it was able to generate revenues off of children's apps", said Jeffrey Chester, the executive director of the Center for Digital Democracy.

Other reports by LeisureTravelAid

Discuss This Article