Unlike other developed countries, the U.S. lacks comprehensive privacy regulation, except for the Children’s Online Privacy Protection Act (COPPA). COPPA governs data collection from children under 13.
However, my research team has found that up to 57% of child-directed mobile apps may be violating COPPA. We studied almost 6,000 kids’ Android apps and found numerous potential COPPA violations due to third-party software libraries: 5% transmit location or contact information to advertisers, 40% fail to secure transmissions, and over 50% appear to perform prohibited tracking and profiling.
Our results show the need for more enforcement and accountability.
The full study can be found here.
– Serge Egelman, Director, Berkeley Laboratory for Usable and Experimental Security (BLUES)