Over 3,000 free Android apps violate kids’ US privacy law

It’s already tough for users to understand app permission requests to access various features on their phones. Kids who download game or language apps face an even tougher time understanding what they are giving up in exchange. Because we rarely pay attention to what we agree to, random apps, and implicitly third-parties, get access to our device’s camera, GPS or microphone, and even our email or contact list.

More than 3,300 free Android apps track children’s activity and collect contact or location data without parental consent, research has shown. After developing an automated testing tool, researchers scanned almost 6,000 family- and child-oriented Android applications in Google Play to identify possible issues in their data privacy policy. One example is language application Duolingo, which made the bad list for sending the data collected to third-parties.

Research has revealed that the apps were not only collecting phone numbers, emails and location data (5 percent), but they were also sharing sensitive information with third-parties (19 percent) which was specifically forbidden to prevent tracking and behavioral advertising. As many as 39 percent were in violation of Google’s terms of service that forbid sharing identifiers, and 40 percent shared personal information online without ensuring the data is secured. Facebook-integrated apps were breaking the law because they didn’t protect users under 13 years of age.

Although some potentially violate the US Children’s Online Privacy Protection Act (COPPA) by collecting more data than the law stipulates, legal action may not be in the cards under the current law, even though it limits data collection for kids under 13. Because some applications fall in a grey area, the FTC will ultimately decide what actions will be taken to remediate the situation.

*** This is a Security Bloggers Network syndicated blog from HOTforSecurity authored by Luana Pascu. Read the original post at: