Parents, check the apps and games your children use on Android mobile devices. Many of the top programs for kids may collect their personal information without parental permission.
Unfortunately, even with apps that offer privacy protection by resetting personal information, most still transmit non-resettable hardware information advertisers can use to identify users.
A large-scale study discovered that a majority of the most popular free children’s apps in the Google Play Store track information on kids under 13, and thus were potentially in violation of federal COPPA regulations.
COPPA, the Federal Trade Commission (FTC)’s Children’s Online Privacy Protection Rule, is directed at apps and services for children under 13. The COPPA laws were enacted to give parents control of any online entity that collects personally identifiable information (PII) from children. Collecting PII from children under 13 without explicit parental permission violates the law.
An international research team drawn from North American and European universities and organizations developed an automated analysis tool to evaluate app privacy behaviors. The team’s methodology examines how and how often applications access the types of information protected by the laws. In addition, the group used a network monitoring tool to determine when apps accessed private data and where that data was sent.
The team’s analytical tool found all the free mobile apps on the Google Play Store from November 2016 through March 2018. Part of the research procedure included checking for new versions and releases. In all the team scraped more than 80,000 apps, but not all were subject to COPPA regulations, which narrowed the field.
The group focused on 5,855 children’s apps developers and publishers placed under Google Play’s Designated for Families (DFF) program. Any app in the DFF program indicates the developer represented to Google that the game is designed for children under 13, the developer received COPPA compliance guidance, and the app does not violate COPPA regulations.
The 5,855 apps were in 63 different Play Store categories — 60 percent in the Casual Games, Brain Games, and Educational Games categories.
The study found that the majority of apps potentially violated COPPA rules – most often because they used software development tools (SDKs) not in alignment with required practices. Most apps didn’t correctly offer or implement options to disable personal data tracking. The team found 19 percent of the apps collected information specifically prohibited by COPPA.
Even among the 3,454 apps that allowed users to reset their IDs, 66 percent transmitted identifiable non-resettable information. For example, while users could reset email address, phone number, and GPS location, two-thirds of the apps still sent advertisers Wi-Fi addresses, SIM card IDs, and Android Advertising IDs (AAIDs).
The study concludes that regulators could benefit from automated tools to check COPPA compliance. Because industry self-regulation hasn’t proved effective, the study argues, outside monitoring is essential.