We've got a robust COPPA compliance program, and also we keep data collection and use procedures for Disney apps made for family members and kids, &rdquo.
The researchers conducted an "automatic evaluation of the privacy behaviors" of 5,855 Android apps which showed that 28% of them had access to sensitive data protected by Android permissions whereas 73% of the apps transmit sensitive data over the internet.
COPPA, a law approved in 1998 and revised in 2003, prohibits applications from collecting the private information of children under 13 without a parent's specific consent.
For example, developers creating apps that span wide audiences might legitimately collect data from adults but struggle to avoid harvesting children's data.
"Each of the 5,855 apps under review was installed more than 750,000 times, on average, according to the study, which was called "'Won't Somebody Think of the Children? Using a Nexus 5X phone, researchers downloaded top apps targeted toward kids from November 2016 to March 2018, running them for about 10 minutes to simulate an actual user. After the analysis of over five thousand kids and family focused apps, it is proved that about 19 percent of the apps share sensitive information to third-party services whose terms of services forbid them to use kid's app, as they are engaged in behavioral advertising. YouTube, which Google also owns, was is the subject of a complaint filed earlier this month in which privacy groups said it was also violating COPPA. The researchers from the International Computer Science Institute had a closer look at thousands of kid's android apps and concluded that majority of the children's games are violating the law.
This new study comes out just days after Android smartphone manufacturers were criticized by security researchers for misleading users into thinking their devices have the latest security patches. If it's this easy for app developers to skirt around the rules (whether they're doing so purposefully or incidentally), Google is going to need to do more than "take action" against individual apps.
Ron Amadeo from ArsTechnica was successful in spotting the changes in the design of the Android P, as Google removed the original screenshot that showed the layout of buttons. Without iOS data, it's also unclear how common this problem is across platforms. No doubt we'll be hearing more about this sort of thing when Google reveals what Android P will be able to do at I/O next month.
Part of the potential violations at hand include the nugget that 92 percent of the 1,280 apps that plug into Facebook's API may be using it for activities prohibited by COPPA.
Up to 2,344 children's apps transferring collected data did not use TLS encryption, a security standard that makes sure the data and its recipient are authentic.