A new study published today takes an in-depth look at how apps used in schools are sharing children’s data with third parties. The research found the majority of school apps transmit data and that Android is 8x more likely to be sending that data to “very high-risk” third parties than iOS.
The new study was performed and published by the Me2B Alliance, a nonprofit with the goal of “fostering the respectful treatment of people by technology.” It included a random sample of 73 mobile apps used by 38 schools, “covering at least a half a million people (students, their families, educators, etc.) who use those apps.”
In the big picture including both iOS and Android, Me2B found 6 out of 10 school apps send student data to third parties and that on average, “each app sent data to 10.6 third-party data channels.”
But getting more specific, the study revealed Android is a much bigger culprit than iOS.
The analysis found that the majority (60%) of school apps were sending student data to a variety of third parties. These included advertising platforms such as Google, to which about half (49%) of the apps were sending student data, as well as Facebook (14%). On average, each app sent data to 10.6 third-party data channels.
That means Android is 3.5x more likely than iOS to share student data with high-risk third parties and 8x more likely to share with very high-risk third parties.
91% of Android apps send data to high-risk third parties compared to only 26% of iOS apps, and 20% of Android apps sent data to very high-risk third parties, compared to 2.6% of iOS apps.
Me2B says that Apple’s new App Tracking Transparency (ATT) feature that launched with iOS 14.5 reduces the risk of profile building on Apple devices by third parties and “increases the ‘respectfulness gap’ between iOS and Android apps.” However, the report says that ATT in iOS “may not fully remove the risk of profile building.”
Another concern is that the Me2B researchers believe “upwards of 95% of the third-party data channels are active even when the user isn’t signed in.”
The report also called out both Google and Apple for not detailing what third parties apps share data with:
Me2B’s key takeaways from the study:
Further, neither the Google Play Store nor the Apple App Store include details on which third parties are receiving data, leaving users no practical way to understand to whom their data is going, which may well be the most important piece of information for people to make informed decisions about app usage.
- There is an unacceptable amount of student data sharing with third parties – particularly advertisers and analytics platforms – in school apps.
- School apps – whether iOS or Android, public or private schools – should not include third-party data channels.
- iOS apps were found to be safer than Android apps, and with ongoing improvements the “privacy gap” between iOS and Android apps is expected to widen unless Google makes some changes.
- People still have too little information about which third parties they’re sharing data with, and the app stores (Apple and Google Play) must make this information clearer.
You can read the full study on Me2B’s website here.