A study completed by seven researchers in the US has found that thousands of free and popular apps on the Google Play Store for Android smartphones are violating a key privacy law in the country. The law in question is the Children’s Online Privacy Protection Act (COPPA), which was enacted in 1998 and brought into effect in 2000. It covers the collection of data online by persons or entities under US jurisdiction, of children under the age of 13, and was enacted to better protect children using the internet.
Data collection has always been a hot topic, and the practices of various tech companies in this regard has been further highlighted by the Facebook-Cambridge Analytica data breach. As users and authorities seek to clamp down on illegal data collection, this research draws specific attention to the online security of children, particularly in this day and age of widespread internet connectivity and usage through smartphones. The study here covers the data tracking activities of about 6,000 apps that are aimed at children, including Disney’s Where’s My Water, Gameloft’s Minion Rush and Duolingo, an app to learn languages on your smartphone, reports the Washington Post.
“This is a market failure,” says Serge Egelman, one of the co-authors of the study, and the director of usable security and privacy research at the International Computer Science Institute at the University of California at Berkeley. “The rampant potential violations that we have uncovered points out basic enforcement work that needs to be done.” Furthermore, the involvement of major app developers such as Disney and Gameloft that reach millions of users – children, specifically – show just how serious the issue is.
WATCH: Samsung Galaxy S9+ Review
The researchers used a testing platform that allowed them to see how often an app accessed sensitive information on a device, which included location data and contact lists, along with what other entities the app may be sharing that data with. Disney, Gameloft and Duolingo did not immediately respond to requests for comment from the Washington Post. The researchers further note that Google has, to some extent, done its part by requiring developers of apps for children to certify that they are COPPA-compliant. However, Google barely enforces this on its end, or checks whether the apps truly are COPPA-compliant.
The study, titled Won’t Somebody Think of the Children? Examining COPPA Compliance at Scale, has been published in a journal called the Proceedings on Privacy Enhancing Technologies.