Research has revealed that the apps were not only collecting phone numbers, emails and location data (5 percent), but they were also sharing sensitive information with third-parties (19 percent) which was specifically forbidden to prevent tracking and behavioral advertising. And since many of these apps have those violations buried deep in their code or via third-party code the app buys and uses, it may well be impossible for the average parent to determine which apps are safe. It also appears many of these apps are the equivalent of a vehicle cobbled together with spare parts lying around; developers just find code that solves the problem, bolt it onto their app, and ignore the giant booklet of warnings that comes with it.
The apps targeted at children, were downloaded 750,000 times, on an average. "These techniques include not shipping the malicious functionality of an app until a second stage that is triggered by some behavior".
To go along with the launch, Google has also released a companion app for Android on Google Play. The latest finding could be another big revelation related to user privacy following Facebook's Cambridge Analytica scandal. After the app gets installed it switches on the microphone and records conversations as well as track location of the user and steals contact, calls, and text related information.
The study's authors used an automated analysis on apps that agreed to abide by COPPA as part of their inclusion in the Designed for Families program, but it found that 28 percent of them still accessed sensitive data and 73 percent of them transmitted sensitive data over the Internet.
"If a robot is able to click through their consent screen which resulted in carrying data, obviously a small child that doesn't know what they're reading is likely to do the same", Egelman said.
"It is particularly striking that Google's warnings emerged at a time of speculation around an Unlockd IPO in mid-April 2018".
The study also looked at how the apps were transferring the data, and found that 40 percent of them failed to do it in a secure way.
Almost all of the 1,280 apps (92%) with Facebook tie-ins were not properly using the social network's systems to prevent under-13 use.
Only a week after it was alleged that YouTube violated USA laws that protect children's online privacy, a study has claimed a majority of popular free children's apps in the Google Play Store are also in breach of these rules. The security measure is the "standard method for securely transmitting information", the researchers said.