In recent years, data privacy has attracted more attention. For example, after the false news storm, Facebook was once again caught in the data collection scandal of Cambridge Analytica . However, a new study by the International Institute of Computer Science pointed out recently that thousands of Android apps are suspected of violating the Children’s Online Privacy Protection Act (COPPA). Contrary to allegations previously faced by YouTube, there are still some uncertainties as to who should bear legal responsibility and whether there are obvious violations.
The disclosure of private data is already a very bad thing. But when the muzzle is aimed at children, things become even more terrible.
It is reported that researchers have developed and used an automated tool that analyzes 5,855 Android apps labeled family-friendly. The result is very disturbing:
- 5 percent of the apps included in the study collected users’ location or contact data (such as phone number or email address) without first obtaining parental consent.
- 1,100 of the apps (19 percent of those studied) shared sensitive information with third-party services whose terms of service explicitly prohibited their use in children’s apps, likely because they are engaged in behavioral advertising.
- 2,281 apps (39 percent of those studied) appeared to violate Google’s terms of service regarding the sharing of persistent identifiers (which provide unique information that can be associated with an individual over time and across platforms, apps, or devices.)
- 40 percent of the apps in the study shared users’ personal information via the internet without applying reasonable security measures.
- Of the 1,280 apps included in the study that integrated with Facebook, 92 percent did not correctly utilize the company’s configuration options in order to protect users under 13.
Worse than these data are, because the COPPA Act itself is not strong enough or strict, the relevant departments cannot pursue possible violations, resulting in further deterioration of the situation. “The FTC interprets the COPPA very strictly and limit’s the law’s application to online services that are either directly targeted at users under 13 years old or have actual knowledge of having such users.”
What needs to be pointed out is that Duolingo, a hotly-spoken language learning service provider, has even appeared on the gray list – even if it claims to be an application for a broad audience, it is not suitable for applying the COPPA Act.
Multi-neighboring countries admit to sending information to third parties, but interpreting this data is only used to fix bugs or crashes of applications.