Thousands of popular children’s apps available for download on Google Play may be violating child privacy laws, according to a new study, drawing more attention to big tech’s data-collection efforts.
The study analyzed 5,855 of the most popular free children’s apps and found that a majority of them may be violating the Children’s Online Privacy Protection Act (COPPA). According to the study, thousands of the tested apps collected the personal data of children under age 13 without a parent’s permission.
“This is a market failure,” Serge Egelman, a co-author of the study and the director of usable security and privacy research at the International Computer Science Institute at UC-Berkeley, told the Washington Post. “The rampant potential violations that we have uncovered points out basic enforcement work that needs to be done.”
The researchers found that potential privacy violations came in different forms. More than 1,100 children’s apps collect identifying information from kids using tracking software whose terms of service actually prohibit their use for children’s apps. Researchers also found that nearly half the apps are not taking “reasonable procedures to protect the confidentiality, security, and integrity of personal information collected from children.”
A Google spokesperson told Fox News they are looking into the report’s findings and provided the following statement:
“We’re taking the researchers’ report very seriously. Protecting kids and families is a top priority, and our Designed for Families program requires developers to abide by specific requirements above and beyond our standard Google Play policies. If we determine that an app violates our policies, we will take action. We always appreciate the research community’s work to help make the Android ecosystem safer.”
However, as the study notes, the Designed for Families program is an “optional review process” that allows developers to list compliant apps under family-friendly categories and areas relevant to children under age 13.
The study’s authors used an automated analysis on apps that agreed to abide by COPPA as part of their inclusion in the Designed for Families program, but it found that 28 percent of them still accessed sensitive data and 73 percent of them transmitted sensitive data over the Internet.
Each of the 5,855 apps under review was installed more than 750,000 times, on average, according to the study, which was called "'Won't Somebody Think of the Children?' Examining COPPA Compliance at Scale.'" Some of the apps in question included Disney’s “Where’s My Water?,” Gameloft’s “Minion Rush” and Duolingo, a language learning app.
“This study, by the authors’ own admission, does not claim to identify any actual violation of COPPA. Protecting children’s online privacy is very important to us and we are confident that our practices adhere to the law. We have a robust COPPA compliance program, and we maintain strict data collection and use policies for Disney apps created for children and families,” a Disney spokesperson responded.
As politicians and other critics have noted, Google and other companies in the data-monetization business have reaped massive profits from consumer information as regulators have not managed to keep up with the pace of change.
“Google has basically looked the other way while it was able to generate revenues off of children's apps,” Jeffrey Chester, the executive director of the Center for Digital Democracy, told the Washington Post. “The new, alarming report is further evidence that Google is thumbing its nose at the only federal online privacy law that we have.”