Thousands of Apps for Kids Insecurely Transmit Data, Report Says

By Marilia Wyatt, CyberPrivacy

More than half of Android apps targeted explicitly at kids under 13 are not taking proper care to protect the confidentiality, security, and integrity of personal information collected from children, mobile app security researchers say.

The March 2018 study, led by researchers at the International Computer Science Institute at the University of California, Berkeley, revealed that 40% of the 5,855 apps analyzed do not use TLS (the standard method for securely transmitting data) in at least one transmission containing identifiers or other sensitive information. This means that almost half the examined apps may be in violation of the U.S. children's privacy law, the Children’s Online Privacy Protection Act (COPPA), researchers wrote.

Apps with poor or missing TLS configurations can increase the risk of man-in-the-middle attacks, remote code execution, and unauthorized information disclosure.

All the tested apps that allegedly improperly collected and insecurely transmitted children’s data are part of Google’s Designed for Families program (DFF).   

Being part of the DFF program means that developers have certified to Google that the intended audience includes children under 13, received guidance from Google on COPPA compliance, and affirmed their compliance with the children’s privacy law.

What can parents do?

Parents should try to understand why apps are asking for certain permissions before they download games and other apps. For instance, evaluate whether an app really needs access to the camera or photos if that functionality is not needed to use it. It’s also useful to research what data the app shares with third parties and how the app's data is secured during transmission and storage, as inadequate protections can significantly increase privacy and cybersecurity risks.

To help parents understand their children’s app privacy implications, researchers published their results on AppCensus—a database that aims to provide app users “better transparency into how their mobile apps use and misuse their personally identifying information.”

Among the research highlights:

73% transmitted sensitive data over the internet. 

40% shared children’s personal info insecurely.

39% violated Google’s terms regarding persistent identifiers.

28% accessed sensitive data protected by Android permissions.

Further Reading: 

Thousands of Android Apps Potentially Violate Child Protection Law

Report Finds More Than Half of Android Apps for Children Are in Violation of COPPA
