Google has decided to put its foot down on three apps that were specifically targeted towards children, as reported by TechCrunch. These seemingly innocent-looking apps aren’t small ones, either, as they have approximately 20 million downloads between them.
All three of the apps were removed from the Google Play app store, making them unavailable to download for anyone going forward.
What Happens To These Apps Now?
Let’s start with what actually happened. Google was alerted that the apps called Princess Salon, Number Coloring, and Cats & Cosplay were violating the rules by the International Digital Accountability Council. Specifically, they were violating data collection policies, potentially accessing users’ Android ID and Android Advertising ID (AAID) numbers.
Google agreed with the claims from the IDAC and made a statement confirming the apps were removed from Google Play.
“We can confirm that the apps referenced in the report were removed,” said the Google spokesperson in a statement to TechCrunch. “Whenever we find an app that violates our policies, we take action.”
Apparently, the data leakage could be connected to the apps being built using SDKs from several firms. First, there’s Unity, which is the engine running the games. Next, Umeng is an Alibaba-owned analytics provider that some have described also as an adware provider. Finally, there’s Appodeal, which is an app monetization and analytics provider.
"The practices we observed in our research raised serious concerns about data practices within these apps," said IDAC president @qpalfrey in interview with @ingridlunden at @TechCrunch. https://t.co/Jch1ngKtwn
— International Digital Accountability Council (@IDACwatchdog) October 23, 2020
IDAC president Quentin Palfrey spoke on the findings. He said, “The practices we observed in our research raised serious concerns about data practices within these apps.”
Palfrey elaborated on what the damage caused by these leaks could be. “If AAID information is transmitted in tandem with a persistent identifier it’s possible for the protection measures that Google puts in place for privacy protection to be bridged,” he said.
With both the AAID and Android ID, developers could bypass privacy controls and track users over time and across devices. Obviously, that can be dangerous, and it certainly something no one would want an app to have without their permission.
Unfortunately, IDAC wouldn’t get too specific on whether it could determine how much data was actually drawn as a result of the violations that it identified. That means it’s not clear whether user information was compromised.
What Does This Mean Going Forward?
Obviously, Google Play is a giant app store, and there are bound to be some bad apps that get through. It’s good to see that Google responded quickly to remove the apps from the store so no one else can download them.
If you or your child have these apps installed already, you should delete them as soon as possible and discontinue using them.