Android apps for children were actually stealing user data

Image Credit: Pixabay

Google has removed a number of popular Android apps from its Play Store after they were found to violate its own data collection rules. The International Digital Accountability Council (IDAC) informed Google that Princess SalonNumber Coloring and Cats & Cosplay, which collectively have over 20 million downloads, were breaching company policy, leading to their removal.

“The practices we observed in our research raised serious concerns about data practices within these apps,” IDAC’s president Quentin Palfrey said. “We applaud Google for taking steps to enforce on these apps and the third-party data practices within these apps.”

As Palfrey suggests, it is not the app’s code itself that violated Play Store rules, but the third-party frameworks that they are built upon. The apps used versions of the Unity, Appodeal and Umeng SDKs, all of which collected Android ID and Android Advertising ID data. In doing so, it was possible for them to violate Google’s privacy protection regulations.

Privacy breach

It doesn’t seem like these violations were intentional and it’s not possible to tell how much, if any, user data was taken by the three apps in question. However, because these apps were aimed at children, any potential breach, particularly one like this that could be used to track users, should be taken very seriously,

At least two of the developers of the removed apps, Creative APPS and Libii Tech, still have apps available via the Play Store and versions of the removed apps can still be downloaded from APK sites. Versions of the apps published via the App Store did not appear to contain the same privacy violations as those available on Android devices.

There are nearly three million apps available from the Play Store, with thousands more added every day. For Google, ensuring that its privacy protocols are adhered to by each one represents a huge undertaking.

Recently, security firm Avast uncovered 21 adware apps on the Google Play Store, many of them disguised as games and gaming platforms, which could cause major damage to user devices.

The malicious apps (the full list of which can be found here), were found to bombard users with intrusive ads, and possibly run up huge phone bills, have been downloaded nearly eight million times in total.

Via Engadget

Barclay Ballard

Barclay has been writing about technology for a decade, starting out as a freelancer with ITProPortal covering everything from London’s start-up scene to comparisons of the best cloud storage services.  After that, he spent some time as the managing editor of an online outlet focusing on cloud computing, furthering his interest in virtualization, Big Data, and the Internet of Things.