“Won’t Somebody Think of the Children?” Examining COPPA Compliance at Scale
Joel Reardon, University of Calgary
April 19, 2018 2:30pm, in DC 1304
We present a scalable dynamic analysis framework that allows for the automatic evaluation of the privacy behaviors of Android apps. We use our system to analyze mobile apps’ compliance with the Children’s Online Privacy Protection Act (COPPA), one of the few stringent privacy laws in the U.S. Based on our automated analysis of popular free children’s apps, we found that a majority perform actions that are possible violations of COPPA, due to their use of third-party SDKs. While most of these SDKs offer configuration options to respect COPPA by disabling tracking and behavioral advertising, our data suggests that a majority of apps do not make use of these options. A further fifth collect data through SDKs whose terms of service outright prohibit their use in child-directed apps. Finally, we show that efforts by Google to limit tracking through the use of a resettable advertising ID have had little success, with more than half transmitting other persistent identifiers alongside it, negating the intended privacy-preserving properties.
Prof. Joel Reardon is an assistant professor at the University of Calgary. Prior to starting in Calgary, he did his Master’s at the University of Waterloo, his doctoral degree at ETH Zurich, and a post-doctoral year at UC Berkeley and the International Computer Science Institute (ICSI). His research interests relate to security and privacy, including issues for storage and compliance as well as systems to make it easier to use. He also loves mountains, bicycles, and writing poetry.