Android children’s apps are tracking locations
April 17, 2018
Mark Zuckerberg testified before congressional committees last week; the Cambridge Analytica scandal continues to shake the tech world and has users in an uproar. However, a new tech giant has most recently been pulled into the spotlight of scandal. When researchers at the International Computer Science Institute in Berkeley, California, analyzed 5,855 of the most popular free Android apps, a shocking 57 percent appeared to be in potential violation of the Children’s Online Privacy Protection Act. This 1998 law looks to protect the privacy of users under the age of 13. COPPA “prohibits certain data collection practices, and requires parental consent for others,” according to the Berkeley study.
The ICSI study gave alarming reports of companies participating in deceptive practices unknown to many of their consumers. BabyBus, a company specializing in games for young children, was observed “transmitting hardware and network configuration details to a Chinese analytical company called TalkingData,” the study found.
BabyBus is the creator of 37 apps, and every app was sharing information internationally such as the names of Wi-Fi hotspots, their MAC addresses, as well as devices currently connected to the Wi-Fi. This information could potentially be used as a proxy to find a location. The most terrifying fact of that report is that the BabyBus tailors and markets their apps, according to their advertisements, for “over 200 million fans aged 0-6 around the world.”
For human services major Shyannah Burns, a sophomore, the fact that this study shows the tracking of kids is especially troubling.
“Kids don’t have a voice until they are adults, so if someone steals their identity then who knows what could happen,” Burns said. “They have less security.”
Other information from the study finds that potential violations abound, as “5 percent of apps collect location or contact data without verifiable parental consent, 19 percent of apps use SDKs (software development kits),” even though these are explicitly prohibited in apps geared toward children due to the user profiling and behavioral advertising.
When told about the breach in security, sophomore criminal justice major Karla Robles was not surprised.
“I think the whole kids situation is wrong, but I’m kinda indifferent about the adults because I knew from the beginning that they were listening in,” Robles said. “I don’t like it, but there isn’t much I [can] do.”
Another 19 percent of children’s apps collect some kind of identifier “or other personally identifiable information” using the same SDKs. The high rates of data sharing are worrisome, and show that tech companies still have a long way to go when it comes to complying with the regulatory requirements Congress has set. COPPA was put in place to help parents protect how much of their children’s personally identifiable information is collected and shared. However, a large number of these apps have removed the parents’ intervention and consent.
Burns continued, saying, “each citizen has a right to privacy and when you sign in to social media, you accept the terms and conditions that say they will protect your privacy. [When you hear about these breaches,] do you need to worry about someone stealing my info. I’m upset that my rights and freedoms are being infringed upon.”
The new study by the International Computer Science Institute is uniquely shocking as it give new insight for parents about the impact of children’s apps. With Facebook still dousing the fire of Cambridge Analytica, and the newest scandal in Android and Google Play, individuals continue to analyze the consequences of social media and privacy.