Is Your Child's Data at Risk? Privacy Concerns Surround Google Play
New research suggests that almost a quarter of Google Play Store apps designed for children violate the UK's Information Commissioner's Office (ICO) design code. The study, which was carried out by consumer group Comparitech, analyzed more than 400 applications on Google Play in the children / kids category.
The group published the findings of a similar analysis last year, which analyzed US' COPPA regulations violations on Google Play. Back then, it discovered that nearly 1 in 5 apps "breached these rules".
The Internet has not only taken the adult world by storm, but also that of many children. Electronic devices are put into the hands of many children at an early age, and many of them come with Android and a connected Store. Apps and games can be downloaded from the connected stores, and specific children sections in the stores lists only apps and games that the developers consider suitable for minors.
Google Play has regulations for apps and games designed for children. There is a specific category for children, which, according to Google, contains only children-friendly applications and games.
Privacy analysis found violations
Comparitech analyzed the privacy policies of over 400 apps in the children's section on Google Play to find out whether these would meet the 15 standards set by the ICO's age-design code.
These standards are a set of rules for online services to comply with UK data protection law. Standards include having the best interests of the child, high privacy by default, age appropriateness, and data minimisation. Comparitech also looked at the data gathering of the apps.
The organization discovered that nearly 25% of apps that it reviewed had possible violations of the ICO's guidelines. These apps were downloaded more than 383 million times. All had an expert-approved badge, which is a special badge that applications receive from "teachers and children's education and media specialists" according to Google.
Comparitch's researchers discovered that 5.5% of the privacy policies suggested that the apps were not intended for children, even though they had PEGI 3 or PEGI 7 ratings. PEGI 3 suggests an app is suitable for all ages, PEGI 7 for children 7 and up.
More than 11% of the apps collected personal data "without a child-specific policy or were vague, open to interpretation, or unclear". An additional 4% used data collection practices without parental permission or protocols on place.
About 23% of apps with possible violations suggested that the apps were not targeting children. Privacy policies included statements such as "Our services do not address anyone under 18", but the app age rating was still labeled as PEGI 3 or PEGI 7.
The researchers sorted apps into six different categories based on their potential violations of the ICO code.
According to the study, the vast majority of apps that could be violating ICO rules collect personal identifiers, such as the IP address of a device. Many of the apps classify IP addresses as non-personal information, even though it may be used to locate a user.
Google responded to the study, stating that it "takes the protection of children on its platform seriously".
