In our study of kids’ Android apps, we observed that a majority of apps specifically targeted at kids may be violating U.S. privacy law: the Children’s Online Privacy Protection Act (COPPA). In response to this revelation, many companies that we named in our paper have responded by stating that they are not covered by the law because either their apps are not directed at children or they have no knowledge that any of their users are children. As a broader issue, we have also noticed that many companies appear to turn a blind eye to COPPA compliance by stating in their privacy policies that their obviously-child-directed apps are not directed at children.
As I’ll explain in this post, these excuses are disingenuous at best and outright lies at worst: for every app that we examined, the developer took proactive steps to market their apps to children under 13, and therefore appear to be subject to COPPA because their apps are “directed” at children.
The link to the relative paper: https://blues.cs.berkeley.edu/blog/2018/04/25/wont-somebody-think-of-the-children-examining-coppa-compliance-at-scale/