[Skip to Content]
[Skip to Content Landing]
Views 1,643
Citations 0
Original Investigation
Impact of Policy on Children
September 8, 2020

Data Collection Practices of Mobile Applications Played by Preschool-Aged Children

Author Affiliations
  • 1Department of Pediatrics, University of Michigan Medical School, Ann Arbor
  • 2Usable Security and Privacy Group, International Computer Science Institute, Berkeley, California
  • 3Department of Nutritional Sciences, University of Michigan School of Public Health, Ann Arbor
  • 4Center for Human Growth and Development, University of Michigan, Ann Arbor
  • 5Department of Biostatistics, University of Michigan School of Public Health, Ann Arbor
  • 6Department of Health Behavior and Health Education, University of Michigan School of Public Health, Ann Arbor
JAMA Pediatr. Published online September 8, 2020. doi:10.1001/jamapediatrics.2020.3345
Key Points

Question  What are the data collection and sharing practices of mobile applications (apps) played by young children, and do potential privacy violations differ by child characteristics?

Findings  Two-thirds of apps played by 124 preschool-aged children in this cohort study showed collection and sharing of persistent digital identifiers. Children who were older, had their own mobile devices, played a higher number of apps, or were from lower-education households had higher counts of data transmissions to a higher number of third-party domains, whereas only 8% of children played apps that showed zero identifier transmissions.

Meaning  Digital identifiers collected from children’s mobile devices can be used for profiling and marketing purposes; this study’s results suggest that potential violations of child digital privacy laws are common, and enforcement of the Children’s Online Privacy Protection Act is needed.

Abstract

Importance  Child-directed mobile applications (apps) have been found to collect digital identifiers and transmit them to third-party companies, a potential violation of federal privacy rules. This study seeks to examine the differences in app data collection and sharing practices by evaluating the sociodemographic characteristics of the children who play them.

Objective  To examine data collection and sharing practices of 451 apps played by young children and to test associations with child sociodemographic characteristics.

Design, Setting, and Participants  This study used data from the baseline phase of the Preschooler Tablet Study, a prospective cohort study conducted from August 2018 to January 2020. This study used a population-based sample. A convenience sample of the parents of preschool-aged children was recruited from pediatric offices, childcare centers, social media posts, and an online participant registry. Eligibility criteria included (1) parent or guardian of a child aged 3 to 5 years, (2) parent or guardian who lived with the child at least 5 days per week, (3) participants who spoke English, and (4) a child who used an Android (Google LLC) device. All interactions with participants were through email, online surveys, and mobile device sampling.

Exposures  Sociodemographic characteristics were assessed by parental report.

Main Outcomes and Measures  This study tested the hypothesis that data transmissions to third-party domains are more common in apps played by children from low-socioeconomic-status homes. Child app usage was assessed via a mobile sampling app for an average of 9 days. Persistent identifier data transmissions to third-party domains were quantified for each app using an instrumented Android environment with monitoring of network traffic; for each child, the counts of total data transmissions were calculated, and the total third-party domains were detected for the apps they played.

Results  Our sample comprised 124 children who used Android devices (35 tablets, 89 smartphones; 65 girls [52%]; mean [SD] age, 3.85 [0.57] years; 87 non-Hispanic White [71%]). One hundred twenty of participating parents (97%) were women. Of 451 apps tested, 303 (67%) transmitted persistent identifiers to 1 to 33 third-party domains. Child data transmission counts ranged from 0 to 614 (median [interquartile range], 5.0 [1-17.5]) and third-party domain counts from 0 to 399 (4.0 [1-12.5]). In multivariable negative binomial regression models, higher transmission and third-party domain rates per app were positively associated with older age (rate ratio, 1.67 [95% CI, 1.20-2.33]; P = .002 and 1.69 [95% CI, 1.26-2.27]; P < .001, respectively) and lower parent educational attainment (eg, high school or General Educational Development or less rate ratio, 2.29 [95% CI, 1.20-4.39]; P = .003 and 2.05 [95% CI, 1.13-3.70]; P < .02, respectively), but not with household income.

Conclusions and Relevance  This study found that apps used by young children had a high frequency of persistent identifier transmissions to third-party companies, suggesting that federal privacy rules are not being enforced. Older children, those with their own devices, or those from lower-education households may be at higher risk of potential privacy violations.

Limit 200 characters
Limit 25 characters
Conflicts of Interest Disclosure

Identify all potential conflicts of interest that might be relevant to your comment.

Conflicts of interest comprise financial interests, activities, and relationships within the past 3 years including but not limited to employment, affiliation, grants or funding, consultancies, honoraria or payment, speaker's bureaus, stock ownership or options, expert testimony, royalties, donation of medical equipment, or patents planned, pending, or issued.

Err on the side of full disclosure.

If you have no conflicts of interest, check "No potential conflicts of interest" in the box below. The information will be posted with your response.

Not all submitted comments are published. Please see our commenting policy for details.

Limit 140 characters
Limit 3600 characters or approximately 600 words
    ×