Our research did not include a deeper look into the third parties to understand whether or not these entities were taking appropriate care of student data, in particular for children under the age of 13, important in light of the Children’s Online Privacy Protection Act of 1998 (COPPA), which outlines requirements for the handling of personal information for children under the age of 13. The researchers estimate that upwards of 95% of the third-party data channels are active even when the user isn’t signed in. In most apps, third-party data channels initiated initial data transfers and ID syncs as soon as the app is loaded.
This change increases the “respectfulness gap” between iOS and Android apps, although it may not fully remove the risk of profile building.Īlso troubling is that the analysis found data being sent to third parties as soon as the app is opened by the user – even if they are not signed into the app. Apple’s new AppTrackingTransparency framework and changes to its incumbent IDFA (Apple’s mobile Identifier For Advertisers) system reduce the risk of the profile building that’s described in this research.
The research also showed that Android apps are three times more likely than iOS apps to be sending data to third parties, and are much more likely to be sending data to high or very high-risk third parties: 91% of Android apps send data to high-risk third parties compared to only 26% of iOS apps, and 20% of Android apps sent data to very high-riskthird parties, compared to 2.6% of iOS apps.Īdditionally, while not examined in detail, the analysis confirmed that the data sent to third parties typically included unique identifiers (through Mobile Advertising Identifiers, or MAIDs), thus enabling profile building for students – including those under the age of 13 – by third-party advertising platforms. Zero private school apps in this study sent data to any very high-risk third parties. 57% of private school apps).Īnother disturbing public-school finding: 18% of public-school apps sent data to what the Me2B Alliance deems very high-risk third parties – i.e., entities that further share data with possibly hundreds or thousands of networked entities. Moreover, public schools were more likely to send student data to third parties than private schools (67% vs. This finding is particularly troubling since public schools most likely utilized public funding to develop or outsource the apps – meaning that taxpayers most likely paid to fund apps that are sending student data to online advertising platforms. Two thirds (67%) of the public schools in the sample were sending data from apps to third parties. On average, the apps that shared data sent them to an average of 10.6 third party data channels. These included advertising platforms such as Google, to which about half (49%) of the apps were sending student data, as well as Facebook (14%). The analysis found that the majority (60%) of school apps were sending student data to a variety of third parties. This report details and summarizes the audit findings. The audit methodology mainly consisted of examining data flow from the apps to external third-party vendors, by evaluating the SDKs included in each app. The Me2B Alliance Product Testing team audited and analyzed a random sample of 73 mobile applications used by 38 schools in 14 states across the U.S., covering at least a half a million people (students, their families, educators, etc.) who use those apps.
0 kommentar(er)
