A recent study of Android apps conducted by researchers from the International Computer Science Institute shows that thousands of Android apps may be tracking the online activity of children as well as their personal information which is a violation of US privacy laws.
The researchers conducted an “automatic evaluation of the privacy behaviors” of 5,855 Android apps which showed that 28% of them had access to sensitive data protected by Android permissions whereas 73% of the apps transmit sensitive data over the internet.
The most troubling findings were that nearly 256 apps collected geolocation data without parental permission, 107 shared user’s email address and 10 of them shared phone numbers.
About 40% of the apps were found sharing personal information without implementing reasonable security measures and 18.8% were guilty of sharing persistent identifiers with third parties for prohibited purposes.
Almost 2,281 apps (39% of those surveyed) seemed to violate Google’s term of service. Out of 1,280 apps in the study, 92% of them with Facebook APIs were not using the correct configuration options of the company to protect users the age of 13.
It is noteworthy that the researchers used an automated tool to analyze the apps which means it is not a “definitive legal liability”. But these apps may be in violation of the Children’s Online Privacy Protection Act (COPPA) as they did not acquire parental consent, thus violating a federal law which limits data collection on children under 13.
However, it is up to regulatory bodies like the FTC whether or not the developers of these Android apps will be held guilty of violating children privacy laws.