In our study of kids’ Android apps, we observed that a majority of apps specifically targeted at kids may be violating U.S. privacy law: the Children’s Online Privacy Protection Act (COPPA). In response to this revelation, many companies that we named in our paper have responded by stating that they are not covered by the law because either their apps are not directed at children or they have no knowledge that any of their users… Continue Reading

As a followup to my previous post, I both emailed CVS and tweeted at them to give them an opportunity to comment on their app’s location-sharing practices: I noticed that your mobile app appears to be sharing my location data with around 40 different third parties. Can you please explain this? Is this a bug? They responded 5 hours later, claiming that they do not share location data with any third parties: …we do not… Continue Reading

Recently, we decided to take a closer look at apps in our database that are sharing location data. This is a concern, because it could be used to track someone over time. One app in particular stood out, just based on the sheer number of data recipients. The “CVS/pharmacy” app appears to be sending the user’s GPS coordinates to over 40 different entities! Some of these include:
… Continue Reading