Bitdefender has found that an increasing number of Android apps request unnecessary permissions and use them to monitor the location of children without their parents' consent, with British children being particularly vulnerable.
This is in light of a recent Bitdefender study of more than 2,000 parents worldwide which found that more than 11 per cent of British children receive an Android device by their 7th birthday, with some children receiving their first at only 5 years of age.
This poses a risk of malware infections and SMS fraud targeting users who are still only learning to read. Moreover, free apps that target small children, such as Kids ABC Games and Educational Puzzles, can track or access geo-locations without requesting information that only parents can provide. Developers admit the games were created for children under 8, but also provide personal details to third parties.
"Why would an alphabet game require a child's' precise GPS and network location?" asks Catalin Cosoi, Chief Security Strategist at Bitdefender. "Of course, it's to make money by sending these details to aggressive third-party advertisers. Despite legislation and common sense, games for children still collect huge quantities of personal information about children without parental consent."
Some educational apps for children also try to access browsing history and leak the unique identifier of the device. The identifier can be used by developers, advertisers and analytics tools to track their behaviour across several apps.
In the US, the updated Children's Online Privacy Protection Act, which went into effect in July 2013, expanded the definition of "personal information" for children under 13 to include geo-location, photos, videos and audio files. Advertisers and developers are also banned from "behavioural advertising" without parents' consent, including "re-targeting" commercials based on browsing history.