The researchers introduced and tested their "COPPA Tracking by Checking Hardware-Level Activity," or COPPTCHA, tool in a study published in the March edition of IEEE Transactions on Information Forensics and Security. The tool was 99% accurate. Researchers continue to improve the technology, which they plan to make available for download at no cost.Basu said games and other apps that violate COPPA pose privacy risks that could make it possible for someone to determine a child's identity and location. He said the risk is heightened as more people are accessing apps from home, rather than public places, due to the COVID-19 pandemic.
"Suppose the app collects information showing that there is a child on Preston Road in Plano, Texas, downloading the app. A trafficker could potentially get the user's email ID and geographic location and try to kidnap the child. It's really, really scary," Basu said. Apps can access personal identifiable information, including names, email addresses, phone numbers, location, audio and visual recordings, and unique identifiers for devices such as an international mobile equipment identity (IMEI), media access control (MAC) addresses, Android ID and Android advertising ID. The advertising ID, for example, allows app developers to collect information on users' interests, which they can then sell to advertisers.
"When you download an app, it can access a lot of information on your cellphone," Basu said. "You have to keep in mind that all this info can be collected by these apps and sent to third parties. What do they do with it? They can pretty much do anything. We should be careful about this."
The researchers' technique accesses a device's special-purpose register, a type of temporary data-storage location within a microprocessor that monitors various aspects of the microprocessor's function. Whenever an app transmits data, the activity leaves footprints that can be detected by the special-purpose register.
advertisementCOPPA requires that websites and online services directed to children obtain parental consent before collecting personal information from anyone younger than 13; however, as Basu's research found, many popular apps do not comply. He found that many popular games designed specifically for young children revealed users' Android IDs, Android advertising IDs and device descriptions.
Basu recommends that parents use caution when downloading or allowing children to download apps.
"If your kid asks you to download a popular game app, you're likely to download it," Basu said. "A problem with our society is that many people are not aware of -- or don't care about -- the threats in terms of privacy."
Log Data may include information such as your IP address, browser type, operating system, location, your mobile carrier, device and application IDs, the Users with whom you video chat, access date and time spent on features of the Services and other statistics and Cookie information… [emphasis added].Why you should care: While you’re using Houseparty’s app, you’re being surveilled and analyzed.
Basu advises keeping downloads to a minimum.
"I try to limit my downloading of apps as much as possible," Basu said. "I don't download apps unless I need to."Researchers from the Georgia Institute of Technology, Intel Corp. and New York University also contributed to the work.