It’s not always easy for app creators to avoid violating kids’ privacy, and a few of those developers are learning this first-hand. TechCrunch reports that Google has removed Princess Salon, Number Coloring and Cats & Cosplay, Android apps with a combined 20 million Play Store downloads, after the International Digital Accountability Council (IDAC) found they were violating Google’s data collection policies. It wasn’t the app-specific code that led to the takedowns, though — rather, it was the frameworks that powered them.
The apps used versions of Unity, Appodeal and Umeng whose developer kit versions reportedly collected Android ID and Android Advertising ID (AAID) info. If an app sends the AAID alongside other persistent data, including the Android ID, it’s possible to violate Google’s privacy protections and track users, a major issue for apps aimed at pre-teen audiences.
IDAC president Quentin Palfrey didn’t say if the council could gauge how much data (if any) was taken as a result. There weren’t any known violations in iOS versions of the apps.
Google said it “take[s] action” whenever there’s an app that violates policy. These apps broke rule barring the uses of developer kits that aren’t approved for “child-directed services,” Google said. It added that it was still working on alliances and procedures to catch issues like this.
This doesn’t appear to have been an intentional breach, and at least two of the developers (Creative Apps and Libii Tech) still had apps available on the Play Store. It does, however, illustrate the risks involved in writing kids’ apps no matter how well-intentioned the producers might be.