A study of 100 mobile apps for children by the University of Texas at Dallas found that 72 violated a federal law aimed at protecting the privacy of children online.
Dr. Kanad Basu, assistant professor of electrical and information engineering at the Erik Jonsson School of Engineering and Computer Science and lead author of the research, and colleagues elsewhere, has built a method that can assess if an Android device or other smartphone program complies with the Children’s Online Privacy Act (COPPA).
In a report reported in the March edition of IEEE Transactions on Data Forensics and Security, the researchers presented and checked their “COPPA Monitoring Through Testing Hardware-Level Operation,” or COPPTCHA method. The tool was 99% accurate. Researchers keep developing the technologies they are hoping to make accessible for free at no discount. Basu said games and other applications that breach COPPA pose privacy threats that could cause anyone to assess the identity and position of a child.
“Suppose the app collects information showing that there is a child on Preston Road in Plano, Texas, downloading the app. A trafficker could potentially get the user’s email ID and geographic location and try to kidnap the child. It’s really, really scary,” Basu said.
Apps can access personal identifying details, including names, email addresses , telephone numbers, venue, audio and video records, and specific user identifiers such as an foreign mobile system identification (IMEI), media access control ( MAC) passwords, User ID and User ad ID. For starters, the advertisement ID helps device developers to collect knowledge regarding the preferences of the customers, which they would then sell to advertisers.
“When you download an app, it can access a lot of information on your cellphone,” Basu said. “You have to keep in mind that all this info can be collected by these apps and sent to third parties. What do they do with it? They can pretty much do anything. We should be careful about this.”
The researchers’ technique accesses a special purpose register of a device, a type of temporary data-storage location within a microprocessor that monitors various aspects of the function of the microprocessor. Whenever an app transmits data, the activity leaves footprints which the special purpose register can detect. COPPA requires that websites and online services aimed at children obtain parental consent before collecting personal information from anyone younger than 13; however, many popular apps do not comply, as Basu’s research found. He noticed that several popular games specifically planned for young children disclosed Android IDs, Android advertisement IDs and app specifications for users.
Basu advises that parents take care when installing applications or encouraging kids to access them.
“If your kid asks you to download a popular game app, you’re likely to download it,” Basu said. “A problem with our society is that many people are not aware of—or don’t care about—the threats in terms of privacy.”
Basu recommends to hold downloads down to a low.
“I try to limit my downloading of apps as much as possible,” Basu said. “I don’t download apps unless I need to.”
