A Staggering Number of Child Privacy Violations in Google Play Store

posted Saturday Apr 21, 2018 by Scott Ertz

Last week, it was revealed that YouTube might be knowingly violating COPPA, the Children's Online Privacy Protection Act. This law, which was enacted in 1998 and expanded in 2012, ensures that online services are not allowed to collect information about children or their activities online without the consent of their parents or guardians. It is the reason why many sites require a person to be 13 years old to sign up - to keep themselves far away from the issue.

In the wake of the Facebook privacy issues, a number of organizations have begun looking into other areas in which privacy might be a concern. In a report released this week, Google Play is filled with apps that could potentially violate COPPA. The researchers who wrote the report designed an automated tool and scanned 5,855 popular apps in the store, looking for violations. The results of the study were... not good.

Some apps collected the type of information you would expect, especially the Android Advertising ID, which is a user resettable key that is designed to track user behavior for advertising purposes. Because this ID is resettable without having to reset your phone, it is not guaranteed identifiable and therefore is less important. In the report, you can see a list of the most common services receiving the Android Advertising ID. The types of data being collected and transmitted to third parties that are a real concern are things like GPS location.

Obviously physically tracking a child without permission is not only a problem, it is creepy. Some of the apps tested, which are targeted exclusively to children, did just that. Included in this group was Disney with their Where's My Water? Free, which transmitted the Wi-Fi name to a third party for geolocation purposes.

Many of the third party APIs that received inappropriate data from these apps explicitly prohibit exactly what the apps are doing - transmitting unapproved child data. Again, Disney is in violation of one of these Terms of Service, along with other high profile apps, like Minion Rush from Gameloft and Duolingo, the language learning platform. In the report, you can see a list of the most common services receiving data.

While the report gives a lot of data on a lot of issues, there is one that remains at the forefront: COPPA itself. As the law stands right now, COPPA does not exactly apply to mobile apps. In fact, it specifically applies to web-based products. That does not exactly mean that there is no legal remedy available, or that by making consumers aware of COPPA-style violations, there is no direct remedy available. It's always possible that, through market pressure, companies will fix these issues on their own, or, failing that, COPPA might be expanded to cover non web-based products.

F5 Live: Refreshing Technology

April 22, 2018 - Episode 498

Sunday Apr 22, 2018 (01:30:17)

Description

This week, mobile messaging gets more confusing, Capcom shows why free-to-play is annoying and AT&T announces a new streaming service under oath.

Participants

Scott Ertz

Host

Scott is a developer who has worked on projects of varying sizes, including all of the PLUGHITZ Corporation properties. He is also known in the gaming world for his time supporting the rhythm game community, through DDRLover and hosting tournaments throughout the Tampa Bay Area. Currently, when he is not working on software projects or hosting F5 Live: Refreshing Technology, Scott can often be found returning to his high school days working with the Foundation for Inspiration and Recognition of Science and Technology (FIRST), mentoring teams and helping with ROBOTICON Tampa Bay. He has also helped found a student software learning group, the ASCII Warriors, currently housed at AMRoC Fab Lab.

Avram Piltch

Host

Avram's been in love with PCs since he played original Castle Wolfenstein on an Apple II+. Before joining Tom's Hardware, for 10 years, he served as Online Editorial Director for sister sites Tom's Guide and Laptop Mag, where he programmed the CMS and many of the benchmarks. When he's not editing, writing or stumbling around trade show halls, you'll find him building Arduino robots with his son and watching every single superhero show on the CW.

Opening

Powered by TeknoAXE

Nifty Gifties

Powered by Microsoft Store

Google Doubles Down on Unbelievably Confusing Messaging Strategy

Over the past few years, it has been nearly impossible to understand what Google is up to when it comes to messaging. They have rolled out several services, all with a similar and tragic fate: abandonment. When the service isn't abandoned entirely, it has features stolen for another platform, as was the case with Google Hangouts, which lost features to Google Allo. Google Allo, the not quite WhatsApp clone, is the most recent service to be abandoned by the company. The service was never widely accepted, possibly because at launch the service didn't really work - at least not how anyone would have wanted.

Piltch Point with Avram Piltch

Powered by Monster Products

Extra Life

Powered by Razer

Games-as-a-Service Gets More Annoying as Puzzle Fighter to be Terminated

At this point, many of us have been burned by the modern concept of games-as-a-service. For example, our team raged at the random cancelation of Sim City Social, an early big-budget entry into genre. This week, the now rather large graveyard GaaS titles grew a little larger with the announcement of the end of Puzzle Fighter.

News From the Tubes

Powered by RiffTrax