A new study entitled Procedures on Privacy Enhancement Technologies has discovered that more than half of Android apps targeting children under 13 can violate the US Online Privacy Protection Act for children. UU (COPPA), according to The Guardian. In addition, the study, led by researchers at the International Institute of Computer Science at the University of California at Berkeley, says applications that collect and share data incorrectly are included in the Google Family Designed program.
The study analyzed 5,855 applications aimed at children and researchers said they identified several violations and trends. According to the study, 4.8 percent had clear violations in sharing location or contact information without consent, 18 percent shared identifiers for ad targeting. , 40 percent shared personal information without adequate security protocols, and 39 percent ignored "contractual obligations to protect children's privacy".
In total, 28 percent of applications accessed confidential data protected by Android permissions, and 73 percent of applications transmitted such confidential data over the Internet. Some of the applications named in the report include KidzInMind, "Pop Girls-High School Band" by TabTale and Fun Kid Racing.
While Google's Designed for Families program provides developers with information about COPPA and says it requires certification of compliance, the application appears to be non-exhaustive. The report notes that while developers and SDKs have financial incentives to ignore violations (restrict the results of lower-income data collection), they suspect that "many privacy violations are unintentional and caused by misunderstandings of third-party SDKs." .
The COPPA was enacted by Congress in 1999 and was created in order to protect the privacy of children online. The law requires companies that design applications for children under 13 to obtain parental consent before collecting personal information. In 2013, the FTC revised COPPA to also include geolocation markers, IP addresses and the mandate that third-party advertisers also comply with these rules.
This is far from the first time that applications targeting children have been found in violation of COPPA. Last year, a federal class action lawsuit was filed against Disney, claiming that 42 of its applications were collecting and sharing data with advertisers without parental consent. Last month, a similar complaint about the sale of information about underage users to advertisers was also imposed on YouTube. In January, VTech Electronics, the parent company of the popular educational brand LeapFrog, agreed to pay a fine of $ 650,000 on charges of violating the privacy of children.