SLIDE 1
“Won’t Somebody Think of the Children?”
Examining COPPA Compliance at Scale
Irwin Reyes, Primal Wijesekera, Joel Reardon, Amit Elazari Bar On, Abbas Razaghpanah, Narseo Vallina- Rodriguez, and Serge Egelman
Wont Somebody Think of the Children? Examining COPPA Compliance at - - PowerPoint PPT Presentation
Wont Somebody Think of the Children? Examining COPPA Compliance at - - PowerPoint PPT Presentation
Wont Somebody Think of the Children? Examining COPPA Compliance at Scale Irwin Reyes, Primal Wijesekera, Joel Reardon, Amit Elazari Bar On, Abbas Razaghpanah, Narseo Vallina- Rodriguez, and Serge Egelman COPPA? Age 13 and under
SLIDE 2
SLIDE 3
COPPA?
- Age 13 and under
- Bans collecting certain data
- Some (verifiable) parental consent required
SLIDE 4
How would you “Solve” COPPA?
https://www.iubenda.com/blog/guide-coppa-mobile-apps/
SLIDE 5
SLIDE 6
Problems
SLIDE 7
Cult of Mac
SLIDE 8
Analysis Environment
Lumen Privacy Monitor Android Central
SLIDE 9
SLIDE 10
Overall Results
- 28% of 5,855 apps
- 73% transmitted sensitive data
- None attained parental consent - let alone verifiable
SLIDE 11
Location Data
- 706 apps had fine or coarse location permissions
- 235 used system location API
- 184 shared location data
- 101 apps shared Wi-Fi MAC address
SLIDE 12
https://techcrunch.com/2017/08/22/accuweather-revealmobile-ios/
SLIDE 13
Transmission Analysis
- COPPA - need to use TLS for all data transmissions
- 2,344 “designed for families” apps did not use TLS in at
least one transmission
- So… 3,511 apps are good?
SLIDE 14
SDKs
“…&coppa=true…”
SLIDE 15
SLIDE 16
–Reyes et al.
“…we suspect that many privacy violations are unintentional and caused by misunderstandings of third-party SDKs.”
SLIDE 17
SLIDE 18
SLIDE 19
https://www.davidhaney.io/npm-left-pad-have-we-forgotten-how-to-program/