The UpStream

A Staggering Number of Child Privacy Violations in Google Play Store

posted Saturday Apr 21, 2018 by Scott Ertz

A Staggering Number of Child Privacy Violations in Google Play Store

Last week, it was revealed that YouTube might be knowingly violating COPPA, the Children's Online Privacy Protection Act. This law, which was enacted in 1998 and expanded in 2012, ensures that online services are not allowed to collect information about children or their activities online without the consent of their parents or guardians. It is the reason why many sites require a person to be 13 years old to sign up - to keep themselves far away from the issue.

In the wake of the Facebook privacy issues, a number of organizations have begun looking into other areas in which privacy might be a concern. In a report released this week, Google Play is filled with apps that could potentially violate COPPA. The researchers who wrote the report designed an automated tool and scanned 5,855 popular apps in the store, looking for violations. The results of the study were... not good.

Some apps collected the type of information you would expect, especially the Android Advertising ID, which is a user resettable key that is designed to track user behavior for advertising purposes. Because this ID is resettable without having to reset your phone, it is not guaranteed identifiable and therefore is less important. In the report, you can see a list of the most common services receiving the Android Advertising ID. The types of data being collected and transmitted to third parties that are a real concern are things like GPS location.

Obviously physically tracking a child without permission is not only a problem, it is creepy. Some of the apps tested, which are targeted exclusively to children, did just that. Included in this group was Disney with their Where's My Water? Free, which transmitted the Wi-Fi name to a third party for geolocation purposes.

Many of the third party APIs that received inappropriate data from these apps explicitly prohibit exactly what the apps are doing - transmitting unapproved child data. Again, Disney is in violation of one of these Terms of Service, along with other high profile apps, like Minion Rush from Gameloft and Duolingo, the language learning platform. In the report, you can see a list of the most common services receiving data.

While the report gives a lot of data on a lot of issues, there is one that remains at the forefront: COPPA itself. As the law stands right now, COPPA does not exactly apply to mobile apps. In fact, it specifically applies to web-based products. That does not exactly mean that there is no legal remedy available, or that by making consumers aware of COPPA-style violations, there is no direct remedy available. It's always possible that, through market pressure, companies will fix these issues on their own, or, failing that, COPPA might be expanded to cover non web-based products.

Games-as-a-Service Gets More Annoying as Puzzle Fighter to be Terminated

posted Saturday Apr 21, 2018 by Scott Ertz

Games-as-a-Service Gets More Annoying as Puzzle Fighter to be Terminated

At this point, many of us have been burned by the modern concept of games-as-a-service. For example, our team raged at the random cancelation of Sim City Social, an early big-budget entry into genre. This week, the now rather large graveyard GaaS titles grew a little larger with the announcement of the end of Puzzle Fighter.

The in-game store will close on Monday, April 23, 2018, while the servers will be shutdown on Tuesday July 31, 2018. The July closure will end the game entirely, only 8 months into its life. The reason why the game, which has a single player mode, will come to a close when the servers close is because of an always-on connection, which is required for the soon-to-be-closed store. Obviously, Capcom could save this 90s revival if they wanted to with a patch to prevent the online component or to open source the servers, but they have no intentions to do so. While the fate of the mobile version of the game is now sealed, there is no mention of the recently rated PC and console versions of the game, though it is an easy assumption that this software will never see the light of day, as the servers are going away.

This shutdown reminds us of the dangers and annoyances of the GaaS type of entertainment. It is beyond infuriating when a game, especially one with an in-game store, decide they no longer have value and go away. It's even worse when the title is not free-to-play (which Puzzle Fighterwas). Unlike games of the past, which are playable decades later, current games (including retail titles) sometimes have a lifespan under a year (see Battleborn as an example).

There is no game-specific reason given for the shutdown. In fact, according to Capcom, the blame falls on the team's rededication to Dead Rising. Of course, moving the developers to another project does not mean that the game would no longer function. Shutting down the servers would not be related to a focus on an unrelated title. It sounds like maybe Capcom has adopted the model of charge for digital goods and then move on to a new town.

Google Doubles Down on Unbelievably Confusing Messaging Strategy

posted Saturday Apr 21, 2018 by Scott Ertz

Google Doubles Down on Unbelievably Confusing Messaging Strategy

Over the past few years, it has been nearly impossible to understand what Google is up to when it comes to messaging. They have rolled out several services, all with a similar and tragic fate: abandonment. When the service isn't abandoned entirely, it has features stolen for another platform, as was the case with Google Hangouts, which lost features to Google Allo. Google Allo, the not quite WhatsApp clone, is the most recent service to be abandoned by the company. The service was never widely accepted, possibly because at launch the service didn't really work - at least not how anyone would have wanted.

The service launched with only an iPhone (not iPad) and Android phone (not tablet) app. To use the app, you needed to use your phone number (like WhatsApp), but only on a single device. If you logged in using the same number, the original device would log out and delete your profile and chats. It seemed that absolutely nothing was saved on the internet. That also explained why it took a full year before you could use the service on desktop, though the sign-in process was even more insane and still only supported a single desktop.

After only 19 months in service, Allo is officially being retired. That's probably file, being as no one was using it. The entire development team is being transitioned to a new project within Google named Chat (not Google Chat). While it would seem that Google's next desperate attempt at messaging would be an Android-focused close of iMessage, the company has another idea that is even less likely to succeed.

Chat is designed to be a carrier-backed Rich Communication Services platform, intended to help carriers support the decade-old messaging standard. RCS supports almost everything that iMessage supports, while being carrier and platform agnostic. In the US, the big 4 all support various and fragmented versions of RCS, but only Sprint supports the full standard. Chat would give carriers another way to implement the technology. Interestingly, the reason Sprint supports the full standard is because they use a platform called Google Jibe, which seems like it would be a direct competitor to Chat, another confusing decision from the company.

Google has worked with most of the carriers around the world, as well as over 50 manufacturers, to implement the technology. While Google claims that they expect it to be available within the year, comments from some carriers suggest otherwise. T-Mobile is expected to be complete in by the end of June, but Verizon and AT&T have not announced a timeline, while US Cellular has said they have no plans to implement it at all.

In addition to phased roll-out, the other issue with Chat being carrier-dependent is that, like SMS, it is not encrypted communication. That means that it will be susceptible to the same privacy issues as SMS. Governments can request your Chat history from your carrier, and the data they receive will be easily readable. Since RCS is internet-powered, someone on an unprotected Wi-Fi network could also get your data. This is different from how iMessage, Signal and Telegram, which are similar services, all perform, being fully encrypted.

YouTube Might Be Collecting Information about Children Illegally

posted Saturday Apr 14, 2018 by Scott Ertz

YouTube Might Be Collecting Information about Children Illegally

It's no secret that YouTube repeatedly finds themselves in trouble with one problem or another. Whether it be drive-by cryptominers in advertising or racism from its young comedians, there always seems to be a controversy going on with the network.

One of the repeated issues the company has experienced revolves around how they interact with kids. Previously, in their YouTube Kids app, their algorithms began allowing non-family friendly content to appear. In addition, on videos that are family friendly, incredibly sexual comments were appearing, as well. That ended with the company changing their policies, including curating the content manually, as opposed to by computer.

This week, YouTube's trouble with kids has increased. A collection of advocacy groups, numbering over 20, has filed a complaint with the Federal Trade Commission claiming that YouTube has knowingly violated the Children's Online Privacy Protection Act (Coppa). The law was passed in 1998 and expanded in 2012, and requires that companies that collect information about children acquire parental permission first. This law is the reason why many websites, including YouTube, require you to be 13 years old or older to use the service.

In the case of YouTube, their terms of service state that by using the service you agree that you are at least 13 years old, with the exception being YouTube Kids. The complaint, however, asserts that YouTube and parent Google are fully aware that kids under the age of 13 are using the service, including creating YouTube accounts, and willfully collect information about these kids and their browsing history without parental consent.

The group has plenty of proof of this, simply by looking at some of the videos on the site and the continuation of video trends specifically featuring children. However, the real problem that YouTube will be facing is the fact that the company has been running ads specifically targeted at younger audiences, on the primary service and not YouTube Kids. If they can convince the FTC of these facts, which seems fairly straight-forward, Google with almost certainly be facing another round of fines and a forced change to their business processes. More importantly, though, it will create a better environment for kids who are, without question, using the site.

Google Loses UK Case Forcing Public Data to be 'Forgotten'

posted Saturday Apr 14, 2018 by Scott Ertz

Google Loses UK Case Forcing Public Data to be 'Forgotten'

If you're unaware that the internet is having a renewed interest in privacy, then you have not been following the news. Facebook CEO Mark Zuckerberg spent part of the week in front of Congress because another company violated Facebook's terms of service. It has reminded people that many people regularly give personal information to a small number of companies, particularly Facebook and Twitter.

However, some companies collect a lot of information about us without us having to give it over. Google collects information about your browsing history, and browses the web on its own looking for information about any and all subjects. The browsing is what powers their primary service, Google Search. However, there are a lot of people who have done stupid things that have been immortalized by the internet and made searchable by Google.

In the European Union, a program called the Right to be Forgotten was implemented by Google, Bing, Yahoo and more. This program allows a person to petition the search engines to remove a listing that creates personal harm. None of the companies were keep to implement this ability, as it directly affects the quality of the search index, which means that the value of the search results is lowered.

Of course, there are a lot of incidents that don't need to be preserved. College applicants lose out on school because of a photo on Instagram. Job applicants lose out on a career because of something they posted on Facebook. But some information is entirely public, and therefore should be searchable. For example, if you have an arrest record, it's easy to find that information. Here in the Tampa Bay area, the counties themselves provide a way to look up arrest information.

In the UK, a suit was filed against Google by two in-named men, referred to as NT1 and NT2, for the company refusing to remove information from their search index upon request. Both of these men had arrest records and convictions: NT1 was convicted in the early 90s for conspiracy to account falsely, and NT2 was convicted in the early 2000s for conspiracy to intercept communications. Both of these men wanted Google to remove any reference to these convictions from the search results.

The case was closed this past Friday, with Mr. Justice Warby insisting that Google remove the results of NT2, but not NT1. The judge believed that the information about NT1 was of public interest, while the information about NT2 was not. Obviously, this decision will see appeals, and it is possible that the ruling will not stand. If it does, it will create a swarm of new cases in the EU of people with convictions hoping to make the internet forget.

Billy Mitchell's Reputation MAMEd by Emulation Software and Lies

posted Saturday Apr 14, 2018 by Scott Ertz

If you've ever seen the documentary The King of Kong, you'll recognize the name Billy Mitchell. He is the focus of the film, as he theoretically goes for 2 separate 1 million + point scores on the game Donkey Kong. For over a decade, Mitchell has been recognized as the first player ever to achieve the 1 million point barrier on the game. His scores have been recognized by Donkey King Forum, Twin Galaxies and Guinness World Records.

In February, Donkey King Forum removed Mitchell's high scores following an analysis of the footage submitted to support the score. After watching the video frame-by-frame, it was discovered that there was artifacting during level transitions. This is a scenario that only exists on early versions of the Multiple Arcade Machine Emulator (MAME) system, and not on the original arcade hardware. High scores, however, can only be counted if achieved on arcade hardware.

Following this revelation, Twin Galaxies did their own investigation, and agreed with DKF's analysis. They also discovered what appears to be inconsistencies in the game itself, suggesting that the footage is actually cut together from more than a single run, meaning that the score was completely manipulated, and therefore invalid. Twin Galaxies then removed the high scores from their board and banned Mitchell from appearing in the future, due to a decade of lying about his scores.

This left him with a single forum that recognized his score: Guinness. Unfortunately, Guinness uses Twin Galaxies as part of its verification team for videogame scores. Shortly after Twin Galaxies dismissed the scores, Guinness did, as well, leaving Mitchell with nothing but a documentary about him not accomplishing anything.

We're live now - Join us!
PLuGHiTZ Keyz

Email

Password

Forgot password? Recover here.
Not a member? Register now.
Blog Meets Brand Stats