3,337 supposedly family and child-friendly Android apps illegally collect the data of minors. Researchers at the Berkeley International Computer Science Institute have found this out in an automated test process. This may also violate the US COPPA Act, which limits the collection of data for children under the age of 13. Surely, this collective anger violates the applicable from 25 May 2018 European Data Protection Regulation (GDPR), which in Germany under the cumbersome name “General Data Protection Regulation” (DSGVO) in German law has been implemented.
No consent Of the total of 5,855 apps studied in the study, 281 collected contact or location data from their users without the explicit permission of a parent. This although explicitly mandated by the General Data Protection Regulation and threatened with draconian penalties in case of violation.
Almost all (92 percent) of the 1,280 apps with integrated Facebook links do not intervene properly to restrict the use of data under the age of 13. The researchers emphasize that it is difficult for app store operators like Google to manually inspect applications when thousands of new apps are added every day.
Nevertheless, it is still very important to protect data of minors in particular. In addition, the US company Google will have a hard time with the entry into force of the General Data Protection Regulation to shirk its accountability here. After all, the DSGVO (GDPR) threatens with draconian fines of up to 4% of the company value and the penetration of subsidiaries, if companies refuse to respect the European Data Protection Act.
Test apps automatically “Although we can not track the total number of children’s apps on the Google Play Store, we believe our results are representative. The apps we examined represent the most popular free applications. We believe this study underscores the value of our automated app analytics. Developers could use our test to gauge how well their apps are compliant with privacy requirements, “the researchers conclude. Lawmakers and data protection authorities could also use the process to monitor and review suspicious activity in the future.