The study found 27 apps that collected location data.
As the coronavirus pandemic forces schools to shift to online learning, parents and teachers are turning to educational apps to overcome the virtual barrier. It turned out that with the help of these applications, not only children learn, but also online advertisers receive new knowledge.
Researchers at the International Council on Digital Accountability looked at 496 educational apps from 22 countries and found privacy issues in many of them. Some apps shared location data with third-party advertisers and also collected unique device IDs that cannot be changed.
Your iPhone’s Location Can Be Tracked – Here’s How to Stop It
Sending your iPhone’s current location can be very helpful if you want family and friends to know where you are. That way they can figure out where you are when you can’t or don’t want to explain it manually. However, depending on how you shared your month…
The researchers found that 79 out of 123 apps shared user data with third parties. This data may include your name, email address , location data, and device ID. The study also found that more than 140 companies received data from education apps, most of which was sent to Facebook and then to Google.
Security researchers often find privacy issues in apps, many of which collect data from devices even when you don’t give consent.
Even if you give permission for the collection of data, it is often shared with several third parties who use it in their own way. For example, we may allow our weather app to obtain your location for accurate forecasts, but that app ‘s data partners may already be using it for promotional or other purposes .
Secret Service bought user location data
Agencies usually require a warrant or court order to force a company to provide location data for an investigation. But agencies don’t need a warrant if they can buy the data
Application creators often also use software development kits or SDKs as shortcuts rather than building their software from scratch, which can also lead to data theft.
Security researchers can analyze network traffic and examine application code to find out where data is being leaked, but the average person should not be expected to have such skills to protect their privacy.
These problems are common to all apps, but more so for educational apps since most of the people who use them are kids. According to the report, millions of educational app downloads share location data of children without their knowledge.
“When you have a user group that is so heavily targeted at young people, it raises a sensitivity that developers need to be aware of and platforms need to be vigilant about," said IDAC President Quentin Palfrey.
The researchers manually tested 78 Android apps and 45 iOS apps, some of which overlap. They also automatically tested 421 Android apps in their study .
Manual tests are more thorough and allow you to see how personal data is collected, to whom it is sent, and what information is collected.
The study found 27 apps that collected location data. Some really needed the information they collected, like constellation apps that used your location to tell you which stars are above you in real time. Other apps have had more dubious reasons for collecting location data, such as apps for learning programming languages like JavaScript and SQL.
The Shaw Academy app collected location data, device IDs, and then sent it to a third-party marketing company, WebEngage. Shaw Academy boasted in June that its online education platform has grown nearly eightfold since the start of the COVID-19 lockdown in March, with most of its new users between the ages of 25 and 34.
Shaw Academy Chief Strategy Officer John White referred to the company’s privacy policy, which stated that the company may collect, use, and share real-time location data via GPS, Bluetooth, and IP address, as well as cell tower locations, in order to "provide location-based services,” but he never explained what those services were.
“This location data is collected anonymously unless the user gives consent. The user may withdraw consent to the collection, use, transfer, processing and maintenance of location data and account data of Shaw Academy and our partners by not using the location data feature and disabling location services settings (if applicable) on the user’s device and computer”, – White said in an email.
WebEngage, which specializes in targeted Facebook advertising, email, and push notifications, boasts of tracking 400 million people a month. The company did not respond to a request for comment.
These hotspots are often location-based—unless you’re actively moving your router—which means advertisers know when you’re on your home Wi-Fi network and when you’re in a coffee shop.
Many of the apps also collect device IDs along with advertising IDs, which is against Google’s developer policy. Your phone has multiple IDs, but developers are usually not allowed to collect persistent IDs.