After the outrage of Facebook’s data collection, researchers found that thousands of android apps are collecting data and sending information to third-party services. Is it legal to do so? The answer is NO. According to the laws of the Children’s Online Privacy Protection Act (COPPA), such sharing of information of children under the age of 13 is strictly prohibited. The researchers from the International Computer Science Institute had a closer look at thousands of kid’s android apps and concluded that majority of the children’s games are violating the law.
The researchers published the study, “Won’t Somebody Think of the Children?” Examining COPPA Compliance at Scale”, which analyzed thousands of android apps that keep kids busy. After the analysis of over five thousand kids and family focused apps, it is proved that about 19 percent of the apps share sensitive information to third-party services whose terms of services forbid them to use kid’s app, as they are engaged in behavioral advertising. In addition, 5 percent of the apps share information such as user’s location, mobile number, and email address without the consent of parents. According to the study, 40 percent apps share user’s information without taking any security measures. In addition, approximately 1,200 apps are linked with Facebook, of which more than 90 percent apps are not properly configured to protect children under the age of 13.
The developers of the most popular kid’s game Fun Kid Racing, Tiny Lab Productions explained that the apps are directed to parents and not to children. Furthermore, the users are asked to enter the player’s age, and the app does not collect any data if it is under 13. The CEO of Tiny Labs Productions, Jonas Abromaitis said that the researchers must have registered the age above 13 during the study. However, the paper’s co-author, Serge Egelman denied his claims and stated, “Even if his claims are true, they are irrelevant as the study was performed using machine algorithm by randomly pressing buttons.”
Egelman said, “If a robot can click-through their consent screen, which caused the sharing of data, children that do not understand what they are agreeing to can do the same.” Furthermore, he added that these companies are not expected to reverse-engineer apps to make an informed decision whether it is safe for children to use.
The sad part of the study is that not all companies care about such data-sharing as social media and other platforms were never used in such larger scale before. Moreover, the study illustrates the challenges that Google faces while enforcing child-focusing laws and COPPA. Several researchers believe that just asking permission of parents and performing age check is not enough in such cases, and there are numerous issues regarding third-party share of information. This study is just a small look, and the entire picture is yet to be seen. Since, the data is collected by machines, researchers need a manual look before enforcing law on app developers. Thus, for now, all parents could do is to make sure that their children are using apps safely and logged in carefully.