Serge Egelman

Tiny Lab Responds

In our work looking at COPPA violations, one company really stood out: Tiny Lab Productions. They currently have 98 games available in the Play Store. Most of these games are in Google’s Designed for Families (DFF) program, which means that the developer is specifically marketing their apps to children under… Continue Reading

Joel Reardon

Apps sending location, secretly.

One of the things we noticed when doing our large-scale study of children’s games was that way more apps were accessing location data than were seen actually sending it. In some ways this makes sense—COPPA quite explicitly forbids sending location data without verifiable parental consent, something that our testing framework… Continue Reading

Serge Egelman

We get letters

In late February of this year, we received word that an advertising company, ironSource, had obtained a leaked draft of our paper on COPPA violations in Android apps. In that version of the paper, we mentioned them (and their subsidiary, Supersonic) exactly once: in a table of advertising SDKs whose… Continue Reading

Serge Egelman

CVS Discretely Shares Your Location with 40+ Other Sites

Recently, we decided to take a closer look at apps in our database that are sharing location data. This is a concern, because it could be used to track someone over time. One app in particular stood out, just based on the sheer number of data recipients. The “CVS/pharmacy” app appears to be sending the user’s GPS coordinates to over 40 different entities! Some of these include:
Continue Reading