In an alarming study titled "Won't Somebody Think of the Children?", professors and researchers with the International Computer Science Institute (ICSI) said they found Android apps for children to be rife with violations of the Children's Online Privacy Protection Act, a 1998 law designed to protect the online privacy of children under 13.
They studied 5,855 Android apps designed specifically for children, revealing that about 57 percent of them were potentially in violation of COPPA for a variety of different reasons. Some apps were keeping information about a child's location and parent's email or phone number, while others accessed and transmitted sensitive data over unsecured networks.
Cybersecurity Program Chair at IU-Bloomington Scott Shackelford told Tom's Guide that he tied the issue to the larger cultural conversation being had over privacy and the information collected by digital platforms with or without consent.
"This important study highlights the sad fact that tech companies are simply not doing enough to comply with the regulatory requirements Congress has put into place to help protect vulnerable, and impressionable, kids," he said.
SEE: Android security and privacy start kit (Download.com)
"It's not a case here of not following the spirit of the law. They don't seem to be following even its letter. This should be a wakeup call to these developers, along with platforms like Google and Facebook that host them. It's past time to treat privacy--especially for minors--as the human right it is."
The researchers, hailing from the University of British Columbia, University of Calgary, University of California Berkeley, Stony Brook University, and the IMDEA Networks, pegged many of the problems on "free" game apps that often leveraged their access to children with advertisers.
Author Dr. Eric Cole told CNN that with so many companies violating the law, it can be difficult for federal authorities to keep up, adding that the people behind these apps often close shop when they get wind of potential fines and respawn under new names.
"A lot of these folks know they're breaking the law, but they're making $80,000 to $100,000 over a few months, so they're going to do it and they sort of stay one step ahead of enforcement," Cole said.
A significant amount of their criticism is aimed at Google, which they said needed to be more stringent with the apps they allowed in the Google Play Store and make sure apps were forced to follow certain Android security protocols. Of the apps they surveyed, 28 percent accessed sensitive data protected by Android permissions.
Almost 5 percent of apps collected geolocation data and parent information, while a whopping 40 percent transmitted sensitive data over the internet without security features that followed the Transport Layer Security (TLS) standard.
They did give Google some praise for their attempts to tailor its app store to COPPA guidelines, but said apps were often using third-party software development kits that, while not inherently wrong, were rife with features that grabbed and shared data.
In response to the furor over the report, Google released a statement to Tom's Guide saying: "We're taking the researchers' report very seriously and looking into their findings. Protecting kids and families is a top priority, and our Designed for Families program requires developers to abide by specific requirements above and beyond our standard Google Play policies. If we determine that an app violates our policies, we will take action. We always appreciate the research community's work to help make the Android ecosystem safer."
FOLLOW Download.com on Twitter to keep up with the latest app news.
They only tested Android apps because they are open source, but said iOS had its own issues as well. For parents seeking more advice on the security features of Android apps, the researchers created a website dedicated to helping users know the how their data is collected or used on Android apps.
Cole told CNN that if parents wanted to protect themselves and their children, they should turn off location services for certain apps, always buy the paid version of an app, use airplane mode when letting your child play games, and only choose well-reviewed and widely-downloaded games.
"One of the words I hate is 'free.' Because everyone thinks free is free. Free is not free. With free, you or your child is the product," he said.
- Many Android apps are in direct violation of federal child privacy laws designed to protect you and your child's location and personal information.
- Parents are advised to turn off geolocators for certain apps, allow their kids to play games only while in airplane mode and stick with highly rated apps.
- The 5 best Android password managers to keep safe your passwords
- Keep your files and messages safe with these encryption apps
- The 7 best antivirus for Android to keep your phone secure
- Supreme Court says warrant necessary for phone location data in win for privacy (CNET)
- Child protection coalition demands FTC probe into YouTube data collection (ZDNet)
- Could kids raised by tablets save cybersecurity in the UK? (TechRepublic)