These violations are more concerning regarding the approach of the three publishers towards the data protection policies.
Android apps: Tech giant Google has removed three apps from its Play Store, after a team of researchers found that they were violating its policies. Researchers at the Boston-based International Digital Accountability Council (IDAC) found that the three apps, which were targeting younger users, had been violating the data collection policies set by Google. The IDAC researchers said that the apps – Cats & Cosplay, Princess Salon and Number Coloring – had potentially been accessing the Android ID and AAID of users. The three apps together had more than over 20 million downloads.
The apps were removed from Play Store after the IDAC flagged the issue to Google.
These violations are more concerning regarding the approach of the three publishers towards the data protection policies. These are also especially concerning because they target young users.
Other apps of two of the publishers of these apps – Creative APPS and Libil Tech – are still live on the Play Store. Moreover, the versions of these three apps are also available via downloadable APK sites. The iOS versions of these apps are also live, but the IDAC has said that on the iOS, they haven’t found a similar issue in the initial screenings, at least.
The violation by these apps are complicated. It is one of the ways to track users without their knowledge with the help of such apps.
On the backend activity in these apps, the IDAC pointed towards three SDKs that were being used in these apps – Appodeal (an app monetisation and analytics solution), Unity 3D and game engine, and Alibaba-owned Umeng (which is also an analytics provider). It said that these were the source of the problems.
IDAC president Quentin Palfrey said that the issue was that the data collected by these apps with the help of the SDKs could be linked with other types of data of the user, like the geolocation information.
While IDAC did not give specific details about the working of the SDKs or regarding the data taken by these apps, it did explain that certain versions of Unity were capable of tracking both the Android ID and the AAID of the user at the same time, and this could have let the developers of these apps bypass the privacy controls to track users across devices and time.