At least 3,337 Android apps, targeted at children and families, have improperly collected data about its users. The apps also sent the data to third-parties such as advertisers, according to a report from the International Computer Science Institute (ICSI).
The ICSI analyzed nearly 6,000 apps. Of those, 281 collected contact data and the location of the child without asking permission of the parents. Also, 1,100 apps shared sensitive data with advertising networks which track user behavior to target advertisements. Most of the networks explicitly forbid the usage of data about children.
Google’s terms were violated by 2,281 apps by sharing information that can be used to profile a user for e.g. very targeted advertisements. In 40% of the cases, the collected data was also sent without proper encryption.
The 1,280 apps with a Facebook connection used in 92% of the cases not the required measures to lock out children younger than 13 year. The social network only allows children of 13 years and older to join.
“These problems are rampant, and it’s resulting in kids being exposed to targeted advertising and automatic profiling that could be illegal,” said Serge Egelman, one of the authors of the report in an interview with Education Week.
Google has to check thousands of apps each day that are submitted to its Play Store. In March an average of 2,700 were submitted to the app market. The process is mostly automated.