Thousands of Android Apps are Illegally Tracking Children
“Never tell your real name to anyone on the Internet.” If you were old enough to experience the Internet during its infancy in the 1990s, you no doubt received this advice. Times have changed, and the Internet has evolved from a novelty to an essential part of our lives. Thanks in part to the Cambridge Analytica Facebook scandal and innumerable data breaches, online privacy concerns have once again become part of our national dialogue. It seems like no one is immune from having their digital footprints monitored and monetized; not even our children.
Compared to many of their peers, Google has received relatively good marks for protecting the personal data it collects on users. However, its open-source Android mobile operating system is far more susceptible to abuse from third-party developers. This vulnerability was again highlighted in a recent report that found thousands of Android apps are illegally tracking young children.
The new study, entitled “Won’t Somebody Think of the Children? Examining COPPA Compliance at Scale” was compiled by researchers affiliated with the International Computer Science Institute (ICSI). Their research analyzed thousands of the most popular free children’s apps to evaluate their privacy behaviors and determine compliance with the Children’s Online Privacy Protection Act (COPPA). What they discovered has parents and privacy advocates concerned.
“Based on our automated analysis of 5,855 of the most popular free children’s apps, we found that a majority are potentially in violation of COPPA, mainly due to their use of third-party SDKs. While many of these SDKs offer configuration options to respect COPPA by disabling tracking and behavioral advertising, our data suggest that a majority of apps either do not make use of these options or incorrectly propagate them across mediation SDKs. Worse, we observed that 19% of children’s apps collect identifiers or other personally identifiable information (PII) via SDKs whose terms of service outright prohibit their use in child-directed apps.”
Understanding Mobile Device Privacy
To understand mobile app privacy, we need to understand the differences between the two most popular mobile operating systems: Google’s Android OS and Apple’s iOS. Apple treats their iPhone and iPad devices like a closed ecosystem. iOS only runs on devices that Apple manufacturers, and these devices are sold to consumers directly or through mobile service providers like Verizon and Sprint. Service providers are not allowed to modify the device’s software, and all iOS apps are subject to Apple’s strict review and approval process through its iTunes App Store.
Android devices are far more fragmented. Google licenses Android to numerous third-party companies, who can customize the OS to their liking. They can preinstall certain apps like Facebook and change the appearance and functionality of Android. Android users also have the ability to install apps from several different places, ranging from reputable sources like Amazon to sketchy black-market piracy websites.
Due to Android’s segmentation and Google’s lax policies, Android users can be far more vulnerable to apps that violate privacy.
What is COPPA?
Enacted by Congress in 2000, the Children’s Online Privacy Protection Act was created to protect the privacy of children under the age of 13. The law states that websites must require parental consent for the collection or use of any personal information of young children and restricts targeted marketing for children under the age of 13.
COPPA clearly states what websites and apps aimed at children can and cannot do, and to their credit Google has done due diligence in giving tools to help developers adhere to the law. Within the Android software development kits (SDK) are configuration options to easily disable tracking and targeted advertising to children. However, the findings of the ICSI showed that a startlingly large number of apps disregarded the privacy options.
In addition, the study found that 40% of the apps studied shared children’s personal info unsecurely, 19% shared private information with unauthorized third-party services, and 5% collected the children’s physical locations or contact data without obtaining parental consent.
How to Protect Your Children’s Online Privacy
Before giving your young child a mobile device, make sure to disable location services like GPS, and restrict their access to unauthorized apps by password protecting app store downloads. Before downloading an app for your child, do an online search of the name to see if it has raised any privacy red flags. In addition to these tips, Common Sense Media has put together several videos to help parents protect their children’s online privacy.
Wexler Wallace takes cases of consumer protection and violations of privacy seriously. If you have been harmed by illegal business practices, contact us today.