American Schools' Phone Apps Send Children's Info To Ad Networks, Analytics Firms (theregister.com) 43
LeeLynx shares a report from The Register: The majority of Android and iOS apps created for US public and private schools send student data to assorted third parties, researchers have found, calling into question privacy commitments from Apple and Google as app store stewards. The Me2B Alliance, a non-profit technology policy group, examined a random sample of 73 mobile applications used in 38 different schools across 14 US states and found 60 percent were transmitting student data. The apps in question send data using software development kits or SDKs, which consist of modular code libraries that can be used to implement utility functions, analytics, or advertising without the hassle of creating these capabilities from scratch. Examples include: Google's AdMob, Firebase, and Sign-in SDKs, Square's OK HTTP and Okio SDKs, and Facebook's Bolts SDK, among others.
The data that concerns Me2B includes: identifiers (IDFA, MAID, etc), Calendar, Contacts, Photos/Media Files, Location, Network Data (IP address), permissions related to Camera, Microphone, Device ID, and Calls. About 49 percent of the apps reviewed sent student data to Google and about 14 percent communicated with Facebook, with the balance routing info to advertising and analytics firms, many among them characterized as high risk by the Me2B researchers. Among the public school apps, 67 per cent sent data to third parties; private school apps proved less likely to send data to third parties (57 percent). Interestingly, the research group found a signifiant difference across mobile platforms. According to The Register, "91 percent of student Android apps sent data to high-risk third parties while only 26 percent of iOS apps did so, and 20 percent of Android apps piped data to very high-risk third parties while only 2.6 percent of iOS did so."
The report adds: "Nonetheless, the researchers expressed concern that 95 percent of third-party data channels in the surveyed student apps are active even when the user is not signed in and that these apps send data as soon as the app is loaded."
The data that concerns Me2B includes: identifiers (IDFA, MAID, etc), Calendar, Contacts, Photos/Media Files, Location, Network Data (IP address), permissions related to Camera, Microphone, Device ID, and Calls. About 49 percent of the apps reviewed sent student data to Google and about 14 percent communicated with Facebook, with the balance routing info to advertising and analytics firms, many among them characterized as high risk by the Me2B researchers. Among the public school apps, 67 per cent sent data to third parties; private school apps proved less likely to send data to third parties (57 percent). Interestingly, the research group found a signifiant difference across mobile platforms. According to The Register, "91 percent of student Android apps sent data to high-risk third parties while only 26 percent of iOS apps did so, and 20 percent of Android apps piped data to very high-risk third parties while only 2.6 percent of iOS did so."
The report adds: "Nonetheless, the researchers expressed concern that 95 percent of third-party data channels in the surveyed student apps are active even when the user is not signed in and that these apps send data as soon as the app is loaded."
Comment removed (Score:5, Insightful)
Re:Get them while they're young. (Score:5, Insightful)
They are psychopaths with doctorates in psychological looking to data mine and manipulate children, attack them with soul destroying peer pressure advertising, the make them miserable consumers always needing to buy more. No they are not "mustache twirling villains", they are far worse, fully qualified professionals paid to pillage the minds of children for profit regardless of the harm to those children or society as a hole, with total and utter indifference to the child suicides the activity of paid professional scum like them trigger, with targeted advertising to make the child feel inadequate the need to buy their way out of the misery the advertising itself is generating.
They are far worse than villains in cartoons, these are sick psychopaths who should spend the rest of their lives in prison for the harms they have caused to countless children and society as a whole. They are truly sick individuals, getting off on warping the minds of children, the most successful get mansions, yachts and private jets, they just have to damage the minds of countless millions of children to warp them into addicted consumers, miserable and many commuting suicide as a direct result of the psychological depredations of marketing executives, they even groom them for more sexuality no barrier to too young, those executives as sick as it gets, preying on the minds of children (pretty much the lowest of the low and not cartoon characters at all, sick psychopaths one and all, molesters of minors).
Re: (Score:3)
Re: (Score:2)
Not to say that you're out of line or anything. But, who pissed in your Cheerios this morning?
An advertising executive. An advertising executive pissed in his Cheerios. He also pissed in your Cheerios, but you just didn't notice.
Re: (Score:2)
While there are ethical ad people, a significant portion of them have been pissing in everyone's cheerios for years.
Re: (Score:2)
I hate advertisers to, but we need them at least a little bit. Like, maybe 1% of what we get now would be good :D
Re: (Score:1)
Just one psychopath with a "doctorate in psychological" who is presently working in advertising, and who is enjoying his mansions, yachts, etc. as the result of ad campaigns he designed specifically to target children, resulting in warped minds and suicides.
Your caricature is very melodramatic, but after decades in children's media I can say with confidence that the ad execs charged with reaching chil
Re: (Score:1)
There's a reason Jeep sells electric toy cars with little to no profit.
I'm driving a 2019 Jeep Compass at the moment.
I can attest to this.
Re: (Score:2)
Everything is a business in US, incl. healthcare and education, contrary to the ways e.g. in EU. Thus no surprise here.
BTW Your signature shows that US education has more issues, assuming you are from US. If that sentence started with "Being the most curious person" then hey, yes. But not the way you have it. And generally, it is the best case when everyone in the room knows something more than the other ones know, since then the learning can work the best.
Re: (Score:2)
Re: (Score:2)
Hi, first of all, I admit that I should had not written it in a confrontational way. Using such a tone leads to nowhere, thus I'll not continue in that part.
Regarding the slogan, I understood what he meant; and I disagree with that. According to both my personal experience, and according to texts on life at workplace that I read, it is better when you can offer something too. Thus I tried to alter that slogan so that I could agree with it.
Regarding (public) education in US, it looks like a (form of) busine
Re: (Score:2)
As far as the schools go, they are supposed to be educators. It's their JOB to know. They are failing.
The companies making the apps are a lot closer to twirling their mustaches. They know damned well they are selling kid's info to ad networks and that it crosses the line.
They are fully as bad as the toy commercials that used deceptive animation (and sometimes stop motion) then "disclaimed" in small print captions for children too young to read.
Raping your privacy as a buisness model (Score:5, Insightful)
What's wrong with this picture? (Score:1, Flamebait)
Refuse to teach religion in a science classroom and all the right wing mama bears come raging out of their suburban lairs to get the teacher fired. But rip off their children's personal information and expose the families to risk from dodgy third party businesses, and...crickets.
Re:What's wrong with this picture? (Score:4, Insightful)
Re: (Score:1, Flamebait)
would also be infuriated by the thought of surveillance of their children by big tech
It's a broad church. Some of them love money so much that they hate the idea of not allowing big companies to make money however they could. Because, you know, one day, they might be running that big company and damned if some liberal secular regulation going to come between them and their God given right to make obscene amounts of money by any unethical (by secular standards) means necessary.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
So where is that hell? We've seen hell raised for science classes not teaching "intelligent design", even text books forced to change to accommodate. Where are the parents demanding the school board's heads for selling kids information to ad networks?
Re: (Score:2)
...the problem is that these people don't know that it's going on.
The problem isnt ads (Score:3)
Re:The problem isnt ads (Score:5, Insightful)
The problem is many people would rather fund schools by selling information on their neighbours' children than have their own property taxes go up
Comment removed (Score:4, Insightful)
This should be illegal (Score:1)
This should be illegal, IMO. Last I checked kid's aren't of legal age to enter into any kind of fine print, that is up to the parents or legal guardians. Pretty sure the kids didn't agree to it, and the parents largely don't know about it. At best I would call it a very grey area.
Re:This should be illegal (Score:5, Insightful)
The important bit being that they had to sign.
Re:This should be illegal (Score:4, Informative)
Yep, you're right, Had to sign it, or else move to a different school district. Not much of a choice.
Re: (Score:3)
Amend it, sign it, send it back.
If they object to your amendments then you have something to work with... with the media.
It's ridiculous that you have to take steps like these... but you do
better google then microsoft. (Score:1)
google is level 2 cancer, microsoft is level 3 or 4.
Re:better google then microsoft. (Score:5, Informative)
I think you got your ratings mixed up here.
Google is by far the worse of the two, for one simple reason: you can (still) mostly avoid Microsoft products if you want to, while it's practically impossible to avoid Google.
Re: (Score:2)
It's easy to avoid Google entirely.
You go to the Lineage OS web site, look at the list of supported Android devices, buy one and then rebuild the device with Lineage OS by following the instructions.
After installing Lineage OS, you do not install the Google Apps package - the Google Apps package puts the Google Services tracking layer on the phone and forces you to assign an identity to the phone whenever you use it.
At that point, you have an Android phone that Google has absolutely no capability of trackin
Re: (Score:1)
Re: (Score:2)
Admittedly "easy" is a relative term but if you use official Lineage OS, the instructions to install each version are straightforward. I've recently done a Google Pixel 4A phone and a Motorola G7 phone - you can upgrade both of those just by installing the Google ADB tools. They are fully supported for OTA (Over The Air) updates afterwards, plus there's no reason to root the phones. The only thing you have to do is unlock the bootloader to allow the custom ROM to be installed. It's all in the instructions,
The Devil really *Is* in the Detail (Score:3)
For example, the fact that,
"Most (nearly all) of the examined Android apps were designed to access the following information on the device: Identity, Calendar, Contacts, Photos/Media/Files, Location, USB Storage"
or that,
"Several apps were accessing: Camera, Microphone, Device ID & Call Information"
raises all sorts of questions about the actual functional need to allow a child's school/educational application to have access to a Contacts database, or the Microphone.
But behind this, there are other aspects which are less clear and perhaps even more concerning, including:-
1. Have "Benign" APIs Become Trojan Horses?
I'm starting to wonder if we're seeing a deliberate co-mingling of genuinely useful API features and scary data harvesting functionality. In other words, are the API providers building a software platform that "makes life easier" for the developer, but using that developer as a proxy to get at the developer's end user and the end user's data? Or is it that where the application behavior looks dodgy, it is all down to the developer? I'm starting to think that there are an increasing number of the former. How does this get "policed"? How are we expected to be able to figure this out?
2. Are Applications Designed to be Stealthily Intrusive?
OK, first, what do I mean by that? Well, suppose I'm a developer and I want to spy on you "all day long". How do I do that? Well, ideally I need my application to be running on your smartphone all the time, even when you can't see that it's there. How do I do that? Maybe I work in partnership with your school to send you useful reminders through the day, or to have your daily class schedule available because your school can "push" it to the cloud for handsets to pull down, so you can easily see what classroom to go to for your next class. If I do that, then you're going to rely on my application being open and running all the time, which means I can spy on you all the time.
3. Are Applications Subverting Parental Fears?
One of the stand-out, eye-popping line items in the report is the fact that many of these "educational" applications demand access to the phone's camera, microphone and GPS location data. Um, why? Is it linked to some sort of Owellian geofencing function that can tell a school or parent if their child leaves the school premises during the school day? Importantly, how secure is this application and how secure is the data it harvests? What if someone wishing to harm a child could access real-time location data for your kid? How do you feel about that? Maybe more importantly, if the application isn't offering to use GPS location data for child protection purposes, what the hell is it needing the data for?
4. How Can You Expect A 13-Year-Old To Understand A Privacy Policy?
Never mind the fact that the report shows that links to privacy policies were broken, that 10 of the 73 apps linked to privacy policies that only covered the developer's web site and not their application, or that several applications had privacy policies included explicit exclusions for children under 13 years of age, even though the applications were used by schools with children below that age... This suggests the fact that schools aren't even performing the most basic due diligence before implementing [or mandating] the use of these applications. [That's a potential COPPA violation, right there].
But more than that, as part of the learning process [ironic pun intended] I would want my children to understand all about "Privacy Policies" and to learn that they are being asked to give away their privacy in return for something. To make that work, then, the privacy policies offered must be written in simple terms that can be readily
Re: (Score:2)
That said, yeah, heightened scrutiny is absolutely warranted.
What, is there no such thing as "low risk" SDKs? (Score:2)
That is suspicious. People will habitually expect rankings like this to be low-medium-high, so if they don't dig enough they will assume "low" is an included rank and thus that "very high" is astonishingly bad. But is it? Haven't the people behind the study artificially inflated the apparent risk by omitting the "low" risk category that, by convention/tradition, ought to exist
This is Bullshit and Not OK (Score:2)
Parents need to raise hell with their local schools over this stuff. Invading the contacts, mic, etc. is totally bullshit.
What about COPPA (Score:2)
If these apps are used in education, isn't selling the data a violation of COPPA? You'd have to be taking a very narrow view of what "personal information" is to somehow exempt this.
Breakdown of apps (Score:2)
I read the report and I can't find anything but summary information. I'd like to see an app by app breakdown of problems.
Firebase? Really (Score:1)