Researchers with the International Computer Science Institute claim to have discovered thousands of free Android apps on Google Play that track the location of children, serve up targeted ads to kids, and perform other functions that are potentially in violation of the Children's Online Privacy Protection Act (COPPA). The researchers published their findings in a study (PDF) titled, "'Won't Somebody Think of the Children'? Examining COPPA Compliance at Scale."
"Based on our automated analysis of 5,855 of the most popular free children's apps, we found that a majority are potentially in violation of COPPA, mainly due to their use of third-party SDKs. While many of these SDKs offer configuration options to respect COPPA by disabling tracking and behavioral advertising, our data suggest that a majority of apps either do not make use of these options or incorrectly propagate them across mediation SDKs," the study states.
In addition, the study states that 19 percent of the children's apps observed collected identifiers or other personally indentifiable information even though the SDKs they're built on outright prohibit doing so. But it is the location tracking that might be most concerning to parents. The study found that over 200 of the apps examined collected location data of children without being granted permission by the parents.
"Many of the companies receiving location data are advertising firms whose business models rely on user profiling to perform behavioral advertising, which is explicitly prohibited by COPPA," the study added.
The findings come on the heels of Facebook CEO Mark Zuckerberg testifying before the US Congress about a major privacy scandal on Facebook. There is growing concern that free services and apps are mishandling user data and overstepping their bounds. As it pertains to this study, however, the apps appear to be acting in ways that are outright illegal. There is also a tie-in with Facebook—of the 1,280 apps in the study that integrated with Facebook, almost all of them (92 percent) did not correctly utilize the company's configuration options to protect users under the age of 13.
COPPA laws exempt platforms, hosting services, and distribution channels "that merely offer the public access to someone else's child-directed content," so Google is not likely to find itself in hot water over this. As for Apple and its App Store, the study only focused on Android applications.