Thousands of free children's apps for Android devices may be violating a federal law aimed at protecting the privacy of minors younger than 13, according to a new report.
For the report, "'Won't Somebody Think of the Children?' Examining COPPA Compliance at Scale," researchers at the International Computer Science Institute at the University of California, Berkeley examined 5,855 of the most popular free children's apps.
Around 57% of those apps may have violated the Children's Online Privacy Protection Act, the study found. That law prohibits app developers from knowingly collecting a host of data -- including names, email addresses, device ids, geolocation information and other "persistent identifiers" -- from children younger than 13 without their parents' consent.
Researchers specifically found that 28% of the examined apps accessed sensitive data. That figure includes 256 apps that collected geolocation data, 107 that shared the owner's email address and 10 that shared the owner's phone number.
"Given the lack of verifiable parental consent, just accessing this data appears to be a potential violation, based on the FTC’s guidance," the authors write in the study, which was published last week.
Researchers also found that 2,281 apps (39%) transmitted Google's Advertising identifer along with other persistent identifers to third parties, in violation of Google's terms of service.
The report notes that the app developers may have defenses to allegations that they violated children's privacy rules. "COPPA includes language that outlines exemptions to some of its requirements, and so our system is unable to account for the full range of possibilities that those exemptions may cover," the report states.
The new study was published the same week that advocacy groups alleged in a Federal Trade Commission complaint that YouTube collects data from young children without their parents' consent.