Children's apps massively collect personal data and pass it on to third parties.



    For children's products have always put forward special requirements. Here and safety, reliability, simplicity, remote control, if we are talking about children's devices and services, and much more. The “parental control” function is almost as old as the entire digital world, besides this, the issue of protecting the personal data of children has been acute for quite some time.

    But even if your child has sufficient technical literacy and is familiar with the rules of behavior in the network (not to disclose their personal data, real place of residence, schedule, routes, and so on for reasons that are understandable to all of us), it is not protected from leakage of this information. The latest study saysthat a huge mass of children's apps marked “under 13 years of age” are watching their young users just as we, adults, are following Facebook or Google apps.

    Unpretentious games, the purpose of which is to develop or entertain children, it is quite for themselves to collect all sorts of information from the device and sensors, including geolocation and accelerometer data. Incidentally, large technology companies and social networks also monitor children in violation of the law. And this is a serious problem, especially if we take into account modern machine learning and neural networks.

    On paper, children are protected. But only on paper


    In the US, there are a number of laws that are aimed at protecting the younger generation, including in the Internet space. The main act on this topic is called " Children Privacy Act " and regulates the behavior of American companies in terms of the collection, processing and use of personal data of children. In short: the document prohibits any collection or processing of information obtained on children's sites or through children's applications without the explicit permission of the guardians. That is, a public offer in the basement of the site or EULA games should not work. The act was adopted so that manufacturers and advertisers could not directly manipulate immature minds in terms of, for example, advertising and marketing.

    However, Children Privacy Act is actively violated by at least half of game developers (including those from the top 10 Google Play and appStore), as well as by companies such as Google and Facebook. At the same time, special children's sections are positioned by companies as “safe”, which is far from being so. That is, the privacy of children is violated throughout the Internet.

    To use the collected data, there are several processing patterns and subsequent use. The first and most popular: the formation of the user's behavioral card (linked to the device ID) for further analysis and adjustment of the advertising issue. This is especially relevant in light of the fact that data is collected not only by large corporations, but also by developers of various applications (with subsequent transfer to advertising companies) that are directly interested in increasing the effectiveness of advertising in their applications and, as a result, in the cost of showing or clicking. Since the vast majority of applications for children are distributed free of charge (monetization through advertising) for the obvious reason that children have no money, this model is more than widespread.

    For a reasonable question, "How do children's applications from the market collect information?" Are answered in some detail in the New York Times publication . In short: it's all about the wrong tags. Thus, applications that monitor and collect user data are not positioned as “purely childish”, but “mixed”, which allows developers to bypass the “Children Privacy Act” and collect all the information of interest to them. It is worth noting that in this situation, the same Google washes its hands and says that there are also no violations on the part of the technology giant. It turns out the classic picture, when there is a violation, but no one is to blame for anything, sort of like.

    Concrete measures against violators are taken to a point and extremely reluctant by Google. The first to distribute to the concerned public and NYTimes was the developer of the children's games Tiny Lab, which actively followed its young users and merged their data to advertising companies. After numerous calls to Google, the giant had to respond to user requests and deactivate the Tiny Lab account, and also remove all the games of this developer from Google Play. But, in fact, both in the appStore market and in Google Play, there are thousands more children's applications that collect personal data, so the Tiny Lab ban looks more like a demonstration spanking than real steps to correct the situation.

    Neural networks and machine learning


    But if the developers collected only virtual information about the user, then this could still be partially put up. But the modern slogan “information is everything”, as well as the general domination of Big Data with machine learning, makes its own adjustments. Therefore, gather all the information to which you can reach.

    The most unobvious, but physically (and not informationally) dangerous vector is the collection of information from device sensors, such as a light sensor, an accelerometer and geolocation.

    By the way, research in this area was conducted in 2013. Then, as part of the scientific work, the research team created 30 reference records of user behavior in the context of everyday activity. SVM technology was used to process related videos. As a result, this research has created a kind of "framework" and opened the door for machine learning and the creation of convolutional neural networks by other specialists in the field who want to fully simulate the behavior of the user according to the sensor of his device.

    Since the report at the 21st International European Machine Learning Symposium, where this work was presented, five years have passed. Since then, sensors and accelerometers in devices have become more sensitive and accurate, and machine learning, neural networks, and work with Big Data have reached a fundamentally different level.

    And today (September 17, 2018), five years after publication, thanks to machine learning specialist Jason Braley in the network, under the heading " How to simulate human activity using smartphone data, " a detailed analysis of this work appears with examples of code and links to all necessary tools and repositories. In his publication, Brauli tells how using a cocktail from geolocation data, accelerometer and other sensors, you can not only fully recover the user's route, but also completely simulate all his behavior and movement in a specified period of time using data from a 2013 study.

    At the same time, Brauli notes that a properly trained neural network can not only build graphs of user activity or a group of individuals, but also make predictions, which takes us to a different level of “cyberpunk we deserve”. In order to justify the whole situation, it is worth saying that in order to fully modulate the activity of a specific user, considerable technical knowledge and experience in machine learning is required.

    If you take the darkest possible scenario, “thanks to” total surveillance and incontinence of application and game developers, any interested specialist, if you have data, can determine in which yard, through which your child cuts away from lessons or training, the lights do not work, how noisy it is and whether other people walk there. And nothing can be done about it.


    Are you an experienced developer, architect or head of an IT company and are thinking of changing your place of work? Check out our SA , CA , SEM vacancies and positions on My Circle .
    Perhaps they will interest you.
    Tags:

    Also popular now: