In accordance with a recent survey of the Google Play Store Android apps, the online activities of children may be getting tracked by the number of apps in ways which prove to be a violation of the US privacy laws.
A team of university researchers and computer scientists, with the help of an automatic assessment of the privacy behaviors of the Android apps, arrived at a conclusion that of the 5,855 apps in the Play Store’s Designed for Families program, nearly 28 percent accessed the sensitive information protected by Android permissions and nearly 73 percent of the applications transmitted the sensitive information over the internet. Although the survey took into account that simply collecting that data did not necessarily violate the Children’s Online Privacy Protection Act (COPPA), a federal law limiting data collection on children under 13, “none of these apps attained verifiable parental consent” as necessary under the law as their automated tool was capable of activating them.
Amongst the many concerning findings was that nearly 256 apps collected the geolocation data, 107 apps shared the email address of the device owner, and 10 apps shared phone numbers. 1,100 apps shared persistent identifiers that could be used for the behavioral advertising techniques that are banned for use on children by COPPA. 2,281 apps transmitted Android Advertising IDs that Google requires the developers and SDKs to use as the sole persistent form of ad tracking and let the users clear their use histories, alongside the other information in a method that could fully negate AAID privacy protections. That implies those apps seem to be violating the Google policy.
It was written by the authors that the results showed that many apps are possibly playing fast and loose with both the Play Store policy and the law. That was all done through automated methods, and it is possible that some of the apps in the question were not collecting information in ways that violate COPPA. But the authors contest that the sheer number of apps with tracking works indicated that non-compliance was widespread and that their sample was big enough to be representative of the wider app economy. Though platforms such as the Play Store and Apple’s App Store are exempt from COPPA, this sample came from the pool of vetted family-friendly apps of the Play Store.
As per the reports, the huge number of apps flooding into the Play Store (nearly 2,700 per day) implies that many may not be undergoing a manual review. It may as well be that some app developers simply are not aware of the rules of COPPA, especially when the apps are intended for audiences of variable ages. The survey never included any iOS apps.
Activists have been pressuring the Federal Trade Commission in the recent months to take action against a number of large corporations they allege are illegally directing ad-targeting tools at children, including YouTube and Disney. In the past, the FTC has settled with organizations including Yelp for COPPA violations, and New York state settled with JumpStart Games, Hasbro, Viacom, and Mattel over COPPA violations in the year 2016. However, as this study portrays, it likely attempts to dodge the regulations to deliver targeted ads to children remain rampant online.