Children’s Android Apps not privacy friendly finds Arrka study
While 29% apps took no permissions at all, 100% of the Apps tested had links to other Apps and 71% of the apps had access to storage. It was also found out that 56% of the permissions accessed were not required at all
Arrka Infosec Pvt. Ltd (Arrka), a niche player specializing in Data Privacy & Info Security, in their “Study on State of Privacy of Indian Apps and Websites – 2018” conducted a special study on Android Apps from India targeting children.
Apps were selected from the Google Play store, which categorizes children’s Apps based on age groups. The study concluded that children’s Apps are not Privacy-friendly and do not adhere to many basic Privacy Principles & Practices. It was also concluded that factors like lack of consent, excessive permissions and needless privacy-intrusive features like in-App ads and in-App purchase options are some of the reasons making children’s Apps vulnerable and at-risk.
Commenting on the study, Shivangi Nadkarni, CEO – Arrka, added that “Children are a particularly vulnerable category of online users. Hence, this year, as part of our study on the ‘State of Privacy of Indian Apps and Websites-2018’, we decided to bring special focus on children’s Android Apps. Though it was heartening to see that 29% Apps took NO Permissions at all, 100% of the Apps tested had links to other Apps and 71% of the Apps had access to Storage. It was also found out that 56% of the permissions accessed were not required at all.“
The study also highlighted that 71% of the Apps were found to contain In-App ads, and, further, the Ads were not found to be child-safe. For eg., Ads shown were for shopping, part-time studies, women entrepreneurs, real estate, physiotherapy and healthcare. Ads were also found redirecting the user to other websites without any consent.
Some of the other Key Findings of the Report are :
43% Apps offered In-app purchase options. No consent or verification of an adult was found required to make the purchases.
29% of Apps did not have a Notice addressing children under age 13. In 86% Apps, consent was not being taken. Even when consent was being taken, there was no verification to check if the person was an adult.