1 of 2
Jeff Chiu, AP
Phone apps intended for children have been illegally compiling data on its users, according to a new study.

SALT LAKE CITY — The tech privacy world has been obsessed with Cambridge Analytica grabbing data from millions of Facebook users. But an international study is turning attention to the online privacy of young children.

The International Computer Science Institute (ICSI) has found that the majority of free Android apps aimed toward kids are potentially collecting and doling out all sorts of information about them.

Not only is this disturbing, it’s likely illegal.

The study looked at nearly 6,000 apps in the Google Play Store admitted into the Designed for Families program. These apps are supposedly in accordance with the Children’s Online Privacy Protection Act (COPPA). In the United States, COPPA rules are intended to protect kids by restricting certain actions by online services directed to kids under 13. They are prohibited from collecting, using and sharing the personal information of those under age 13, unless a parents grants explicit permission.

The study found the majority of the 5,855 apps in potential violation of COPPA. While some of the violations may be unintentional, it’s unsettling to learn that 73% of these apps transmitted sensitive data over the internet.

The study noted an egregious example from app developer TinyLab. The company has 82 apps in this category, such as “Fun Kid Racing” and “Motocross Kids.” 81 of TinyLab’s apps shared GPS coordinates with advertisers. In all, 281 apps in the study collected geolocation data without asking for a parent’s permission. Another developer, BabyBus, has 37 apps that were sending out the names of Wi-Fi hotspots and the currently connected Wi-Fi access point (which can potentially be used to determine location). The Federal Trade Commission cracked down on the Singapore-based company InMobi two years ago for doing something very similar. InMobi paid $950,000 in penalties for tracking children without parental consent.

The study also found 107 apps shared the device owner’s email addresses, and 10 even shared phone numbers.

Understandably, it must be difficult for Google to keep up on its vetting process for apps, and its enforcement of the rules in the “Designed for Families” program. According to App Brain, Google added more than 2,700 apps daily to the Google Play store in March.

The researchers point out to the Washington Post that they suspect most of the developers in violation do not have nefarious intent. But it’s unlikely most parents want this type of information collected on their children, even if by accident.

There are ways parents can fill in the privacy gap and ensure their kids’ information stays safe.

First, be aware of what apps your children are downloading. Use Family Share for iOS or the Google Play Family Library for Android to require parental permission before a child can download an app.

Know how COPPA works. If an app wants to collect your kids’ information, you should receive notice (in plain, easy-to-read language) about what personal details the app will collect, and how it will use that information. That notice could come in the form of an email, a phone call, or it could simply pop up on the screen. If you decide to allow it, the company has a legal obligation to keep all collected information secure.

Read the privacy policy and terms of service. I know it’s a pain, but that is the only way you will know what the company plans to do with your child’s information. Parents also have the option to allow an online service to collect personal information, but not share it with others.

Know your rights. The FTC notes that after giving permission, parents have the right to review the information collected. You may also retract consent at any time and ask to have any of the collected data deleted.

Comment on this story

Note that this study only involved Android apps, which is an open platform. Google gives Android away to other smartphone makers for free, and has more lenient restrictions for its App Store than Apple’s. The study’s authors point out their belief that Apple has strict restrictions and a thorough review process for third party apps.

ICSI has made its findings available and searchable on the AppCensus website. If you’re curious about the apps your kids use and what information they might be gathering and sharing, check it out. If you find something you don’t like, submit a complaint to the FTC.

Click here to watch Amy Iverson discuss data sharing on KSL's "Studio 5."