AUSTIN (KXAN) – A new study out of the University of Texas at Dallas found 72 out of 100 Android apps aimed at children are gathering and sharing their data, a violation of the Children’s Online Protection and Privacy Act. Apps violating the law include Angry Birds and the Little Panda series of games. To help parents protect their children’s privacy, researchers are developing a program that will let parents know if an app is gathering data on their child.
Doctor Kanad Basu, an assistant professor of electrical engineering at UTD, led the team of researchers. “You might think, ‘This is a learning game, what harm can it do?’” Dr. Basu said. However, many apps share things like your name, location, phone number and your Android Advertising ID. The AAID allows advertisers to track your identity. “Whatever children are browsing, whatever their interests are, should not be anyone’s concern.” Dr. Basu said.
Angry Birds, one of the most popular gaming series on phones, violates COPPA by sharing Android Advertising ID’s. Rovio, the owner of Angry Birds, says the law doesn’t apply to them since Angry Birds isn’t meant for children. Despite this, there have been several lawsuits against the game company for violating COPPA, according to the New York Times.
Many of these companies, according to Dr. Basu, have been fined by the Federal Trade Commission for violating COPPA in the past. However, the apps remain on the store.
Dr. Basu and his fellow researchers uncovered the data with a tool they developed called COPPTCHA. This tool looks for fingerprints in the phone’s hardware that have been left behind after an app transmits data. These fingerprints are harder to hide since they are in the phone as opposed to in the app. Hardware, such as your physical phone, requires someone to take it apart to make alterations. As opposed to an app, which can be altered with a line of code from either a malicious hacker or the developers themselves. Dr. Basu says because of this, using hardware to track these violations is much more reliable.
When it is released, COPPTCHA will be free for Android users. Dr. Basu says ideally the tool will be released as an app that parents can easily use and access.
Until then, Android users have a couple of options if they are concerned about COPPA violations within their apps. The website “App Census” allows users to browse for the apps they use and discover the violations the app has or hasn’t committed. The website also allows users to look at different versions of the app, as updates could cause an app to lose its COPPA compliance status.
Android and Apple users have another option to check for COPPA compliance. KidSafe, ESRB, TrustArc and iKeepSafe all certify COPPA compliant apps. Parents can look for their seals to determine if a product is safe.