A recent study conducted by data privacy services company Arrka sheds light on the alarming data collection practices found in children’s apps, with Google and Facebook emerging as the primary recipients. The study, examined 60 children’s Android applications from various categories, like permission, Personal Data Sharing with 3rd Parties, and Privacy Notices. It discovered that Google collects 33 percent of the data from these apps, closely followed by Facebook at 22 percent.
Notably concerning is the fact that 85 percent of the surveyed apps accessed at least one “dangerous permission,” allowing them to collect highly sensitive data. Permissions granted access to stored files (73 percent), microphones (46 percent), cameras (43 percent), phone numbers (38 percent), contacts (27 percent), and exact location (23 percent). Edtech, childcare, and coding apps were identified as the most prevalent culprits, with two-thirds of childcare and ed-tech apps accessing children’s precise location and 100 percent of Ed-tech and coding apps accessing the camera.
Furthermore, the study discovered that 80 percent of children’s apps contained analytics trackers, while 54 percent contained advertising trackers. Gaming, ed-tech, and coding apps were found to have the most trackers, with gaming having 11 and ed-tech having 10 overall for tracking.
Tests were also done with regard to the readability of the information presented in the privacy notice for an average Indian Children’s app rated 34/100 on the Readability Scale. This represents approximately 57 percent of the Internationally Accepted Readability Score, the score for Children’s Apps is 10 percent higher than General Apps, but it’s still significantly below the International Standard.
The study also found that Indian apps have different age-gating mechanisms than their global counterparts. The report found that only 35 percent of Indian apps collect the user’s date of birth, compared to 60 percent and 55 percent for US and EU apps, respectively. Furthermore, around thirteen percent of Indian apps limit access to specific features based on age, as compared to 63 percent and 80 percent for US and EU apps, respectively.
The Digital Personal Data Protection Act (DPDPA), passed in August the previous year, seeks to prevent data misuse that could harm children’s well-being. However, the study found that Indian apps still have a long way to go in terms of compliance. As only 38 percent of Indian children’s apps included a section for parents in their privacy policies, compared to 83 percent for similar apps in Europe and 67 percent for US apps. Also, 35 percent of Indian apps had a separate privacy policy for children, compared to more than 50 percent of US and EU apps.
The study emphasized the need for greater transparency in Indian children’s apps, citing shortcomings such as the lack of a dedicated section for parents in privacy policies. Furthermore, children’s apps in India have significantly more in-app ads than their global counterparts.
As concerns about children’s data privacy grow, this study highlights the urgent need for laws and greater awareness to protect the sensitive information of young users.