MOBILE APP TRACKING is creepy enough, but a study has found that some 3,300 Android apps have been potentially illegally tracking kids.
Researchers affiliated with the International Computer Science Institute authored a study titled 'Won't Somebody Think of the Children?' Examining COPPA Compliance at Scale and published their findings of an automated testing process in the Proceedings on Privacy Enhancing Technologies Symposium.
They noted that 3,337 family and children-focused apps were improperly collecting data on children, which could be in violation of the US Children's Online Privacy Protection Act (COPPA).
"These problems are rampant, and it's resulting in kids being exposed to targeted advertising and automatic profiling that could be illegal," said Serge Egelman, co-author of the report and director of usable security and privacy research at ICSI.
It's worth noting that the researcher didn't explicitly say the apps were in direct violation of US law, and regulators like the US Federal Trade Commissions would need to decide the level of liability.
The researchers found that five per cent of the apps in the study collected user location and contact data without first looking for parental consent, while 1,100 apps shared sensitive information to third-party services, despite terms of service prohibiting such data collection over concerns it would lead to targeted advertising.
More than 2,200 apps were claimed to be breaching Google's terms of service with regards to sharing "persistent identifiers", whereby information over time can be associated with individual users over time and across apps, platforms and devices.
To make matters worse, 40 per cent of the app studies shared personal information across the internet without the proper security measures. 1,280 apps integrated with Facebook, yet 92 per cent of them did not correctly implement the social network's security measures to protect the data of users under the age of 13.
All this looks exceedingly dodgy, but there's more to the situations than meets the eye.
For example, developers creating apps that span wide audiences might legitimately collect data from adults but struggle to avoid harvesting children's data. This is particularly problematic when apps made to be used by people over the age of 13 find their way into education use, even when they may not have been designed for such purposes.
Then there's the problem with ensuring children are honest with how old they are when accessing apps and that they do indeed seek the permission of parents when prompted.
And given the volume of apps added to the Play Store on a daily basis, Google faces a massive challenge on policing the granular details.
The researcher's automated tool could offer the means to do this, but we suspect that there will be more data collection issues in a similar vein before Google works out a way to tackle such challenges.
We contacted Google for comment but the search giant has yet to respond.
Data privacy and collection is under a lot of scrutiny at the moment especially after the Cambridge Analytica scandal over Facebook data use threw into stark focus the questionable data collection and use of some companies. µ
Epyc performance potential, but Rome wan't build in a day
Patch? Patchy more like
Slurped surveillance info includes location data and social groups