By Marília Wyatt
More than half of Android apps targeted explicitly at kids under 13 are not taking proper care to protect the confidentiality, security, and integrity of personal information collected from children, mobile app security researchers say.
The March 2018 study, led by researchers at the International Computer Science Institute at the University of California, Berkeley, revealed that 40% of the 5,855 apps analyzed do not use TLS, the standard method for securely transmitting data, in at least one transmission containing identifiers or other sensitive information. Researchers wrote that almost half of the examined apps may violate the Children’s Online Privacy Protection Act (COPPA), the U.S. children’s privacy law.
All of the tested apps alleged to have improperly collected and insecurely transmitted children’s data are part of Google’s Designed for Families (DFF) program.
To be part of the DFF program means that developers have certified to Google that the intended audience includes children under 13, received guidance from Google on COPPA compliance, and affirmed their compliance with the children’s privacy law.
What can parents do?
Before downloading games and other apps, parents should consider why an app is asking for particular permissions.
For instance, evaluate whether an app needs access to the camera or photos if that functionality is not needed to use it. It’s also useful to research what data the app shares with third parties and how the app is securing data.
To help parents understand the privacy implications of their children’s apps, researchers published their results on AppCensus, a database that aims to provide app users “better transparency into how their mobile apps use and misuse their personally identifying information.”
Among the research highlights:
73% transmitted sensitive data over the internet.
40% shared children’s personal info insecurely.
39% violated Google’s terms regarding persistent identifiers.
28% accessed sensitive data protected by Android permissions.