According to a new study published by researchers affiliated with the International Computer Science Institute, thousands of free apps available in the Google Play store are tracking the online activity of children in such ways which violate U.S. privacy laws.
A team of university researchers and computer scientists, with the help of an automatic assessment of the privacy behaviors of the Android apps, arrived at a conclusion that of the 5,855 apps in the Play Store's Designed for Families program, almost 28 percent accessed the sensitive information protected by Android permissions and almost 73 percent of the applications transmitted the sensitive information over the internet.
Dormann works at the CERT Coordination Center (CERT/CC), and focused on the free tools that more people are likely to use, He found that while it was surprisingly common to find that keys, codes and passwords were embedded in apps - either through laziness or because that's how particular SDKs work - some apps were better at hiding what was happening than others. It is also possible that they may not have realized they were using this info for law-breaking purposes. The study found that over 200 of the apps examined collected location data of children without being granted permission by the parents. About 1100 apps shared persistent identifiers that could be utilized in behavioral advertising techniques, something that is debarred for use on kids by COPPA. For example, third parties were able to access user info "for restricted purposes" in 1,100 apps and 2,281 seemingly shared similar info to the Android Advertising ID. That implies those apps seem to be violating the Google policy.
Though the study reveals the upsetting situation in the app market, unfortunately, there is no legal action that can be initiated under the current terms of COPPA.
The reputation of Android apps has always been questioned when it comes to security.
The study used an automated testing process to determine how many apps were possibly in violation of the COPPA law of the United States. A recent analysis of free Android apps revealed that the developers are leaving behind the keys embedded in applications in some cases because the software developer kits install them by default.