A University of Texas at Dallas study of 100 mobile apps for kids found that 72 violated a federal law aimed at protecting children’s online privacy.
Study of 100 mobile apps for kids found that 72 violated a federal law aimed at protecting children’s online privacy
Dr. Kanad Basu, assistant professor of electrical and computer engineering in the Erik Jonsson School of Engineering and Computer Science and lead author of the study, along with colleagues elsewhere, developed a tool that can determine whether an Android game or other mobile app complies with the federal Children’s Online Privacy Protection Act (COPPA).
Children’s Online Privacy Protection Act (COPPA)
The researchers introduced and tested their “COPPA Tracking by Checking Hardware-Level Activity,” or COPPTCHA, tool in a study published in the March edition of IEEE Transactions on Information Forensics and Security. The tool was 99% accurate. Researchers continue to improve the technology, which they plan to make available for download at no cost. Basu said games and other apps that violate COPPA pose privacy risks that could make it possible for someone to determine a child’s identity and location. He said the risk is heightened as more people are accessing apps from home, rather than public places, due to the COVID-19 pandemic.
Risk heightened as more people access apps from home due to COVID-19 pandemic
“Suppose the app collects information showing that there is a child on Preston Road in Plano, Texas, downloading the app. A trafficker could potentially get the user’s email ID and geographic location and try to kidnap the child. It’s really, really scary,” Basu said.
Apps can access personal identifiable information, including names, email addresses, phone numbers, location, etc
Apps can access personal identifiable information, including names, email addresses, phone numbers, location, audio and visual recordings, and unique identifiers for devices such as an international mobile equipment identity (IMEI), media access control (MAC) addresses, Android ID and Android advertising ID. The advertising ID, for example, allows app developers to collect information on users’ interests, which they can then sell to advertisers.
“When you download an app, it can access a lot of information on your cellphone,” Basu said. “You have to keep in mind that all this info can be collected by these apps and sent to third parties. What do they do with it? They can pretty much do anything. We should be careful about this.”
Whenever an app transmits data, the activity leaves footprints that can be detected
The researchers’ technique accesses a device’s special-purpose register, a type of temporary data-storage location within a microprocessor that monitors various aspects of the microprocessor’s function. Whenever an app transmits data, the activity leaves footprints that can be detected by the special-purpose register.
Many popular apps do not comply with COPPA requirements
COPPA requires that websites and online services directed to children obtain parental consent before collecting personal information from anyone younger than 13; however, as Basu’s research found, many popular apps do not comply. He found that many popular games designed specifically for young children revealed users’ Android IDs, Android advertising IDs and device descriptions.
Parents strongly urged to use caution when downloading or allowing children to download apps
Basu recommends that parents use caution when downloading or allowing children to download apps.
“If your kid asks you to download a popular game app, you’re likely to download it,” Basu said. “A problem with our society is that many people are not aware of — or don’t care about — the threats in terms of privacy.”
Basu advises keeping downloads to a minimum.
“I try to limit my downloading of apps as much as possible,” Basu said. “I don’t download apps unless I need to.”
Researchers from the Georgia Institute of Technology, Intel Corp. and New York University also contributed to the work.
1. Kanad Basu, Suha Sabi Hussain, Ujjwal Gupta, Ramesh Karri. COPPTCHA: COPPA Tracking by Checking Hardware-Level Activity. IEEE Transactions on Information Forensics and Security, 2020; 15: 3213 DOI: 10.1109/TIFS.2020.2983287
Razi Berry is the founder and publisher of the journal Naturopathic Doctor News & Review, which has been in print since 2005, and the premier consumer-faced website of naturopathic medicine, NaturalPath. She is the host of The Love is Medicine Project docuseries, The Natural Cancer Prevention Summit, The Heart Revolution-Heal, Empower and Follow Your Heart, and the popular 10-week Sugar Free Summer program. From a near death experience as a young girl that healed her failing heart, to later overcoming infertility and chronic fatigue syndrome and fibromyalgia through naturopathic medicine, Razi has lived the mind/body healing paradigm. Her projects uniquely capture the tradition and philosophy of naturopathy: The healing power of nature, the vital life force in every living thing and the undeniable role that science and mind/body medicine have in creating health and overcoming dis-ease. You can follow Razi on social media: Facebook at Razi Berry, Instagram at Razi.Berry and join the Love is Medicine group to explore the convergence of love and health. Look for more, and listen to more Love is Medicine podcast episodes here.