• According to new research, hundreds of apps meant for use by children request all kinds of unnecessary information from their devices.
  • Privacy advocates want app stores to define stringent requirements to easily identify apps meant for children and enforce appropriate restrictions.
  • Meanwhile, they suggest parents should take the time to screen the permissions requested by apps used by their kids.

Three young girls on cell phones.

Unscrupulous app developers are working around laws meant to protect children's online privacy, pushing an ever-growing number of intrusive apps onto both Google Play Store and the Apple App Store. 

Pixalate, a fraud protection, privacy, and compliance analytics platform, examined the state of children’s online privacy by scrutinizing over 4,22,000 apps that they believe are meant for use by children in both the Apple and Google Play stores. Their research found that 68% of the top 150 most popular US-registered apps and 70% of the top 1000 apps for children, which Pixalate reviewed manually, transmitted location information, while 59% requested permission to access other personal information.

“Child-directed apps are growing in numbers, and it’s quite worrisome that plenty of them share [location information] with advertisers,” Dimitri Shelest, founder and CEO of online privacy company OneRep, told Lifewire via email. “You, as a parent, are not going to know how this information can be used and misused.”

No Holds Barred

The Children’s Online Privacy Protection Act (COPPA) is a US federal law designed specifically to protect children’s online privacy. In their analysis, Pixalate discovered instances of various apps skirting the restrictions defined by COPPA.

"According to [COPPA], children under the age of 13 are not supposed to have their data collected,” explained Shelest. “This creates a certain loophole for app developers who bury their heads in the sand and prefer not to ask users about their age.”

Every family should be empowered with information to understand in clear terms how their children's data is being handled…

What bothers Shelest, though, is the discovery that 42% of the apps meant for children request access to the kid's personal information, and over 9000 of them supposedly have no privacy policy. 

“This basically means that an app collecting a child’s personal data, not only location data but also an email address, log data, IP addresses, a telephone number, a first and last name, and many more data points, does not disclose how and what information is collected, stored and whether it’s sent off to the ad industry or shared with 3rd parties for any other reason,” said Shelest.

In an interview with the Washington Times, Stacy Feuer, a senior vice president of the Entertainment Software Rating Board (ESRB), said children’s consumption of technology has changed quite dramatically from back when the bill came into effect in 2000. 

In fact, in the same article, one of COPPA’s authors, Senator Edward J. Markey, agreed it’s time to revisit the bill. Markey said he and his fellow authors feared the bill could provide a real opportunity for unscrupulous companies to take advantage of children, even back when the bill was introduced, adding that he believes the problem is now “on steroids.”

The good news is that the Federal Trade Commission (FTC), which enforces COPPA, is in the process of reviewing its implementation.

A parent reviewing a child's cellphone at the breakfast table with a laptop in front of the parent.

It Takes a Village

Taking a step back to look at the bigger picture, as a consumer advocate, Shelest thinks parents deserve to have the entire app infrastructure, including app developers, along with the app stores, be more transparent in identifying apps designed for use by children. This, he believes, could then be used to decide the age, privacy, and security requirements for such apps.

Melissa Bischoping, Endpoint Security Research Specialist at Tanium agrees, saying that in some cases, especially with mobile technology, the capabilities and broad reach have emerged faster than our understanding of consequences. As a parent to a teenager, teaching her child about the impacts of his digital presence and technology use is a regular topic of conversation in her home.

"The complex details of application security and app store privacy policies still have a long way to go to make this information available in plain language to those parents who don't work in the industry," said Bischoping. "Every family should be empowered with information to understand in clear terms how their children's data is being handled, and we must reduce the myriad of barriers to making better privacy-focused decisions for those who are not tech-savvy."

Source