Google has abolished three children apps from the Google Play Store. Google removed these three apps because the International Digital Accountability Council (IDAC) pointed out data collection breach. The three apps which were removed by Google are – Princess Salon, Number Colouring, and Cats & Cosplay. If we put together there were more than 20 million downloads of these three apps. As per IDAC when it comes to code these apps were not violating any rules but, there were problems found in the frameworks which were powering these apps. These apps were using SDKs from Unity, Umeng, and Appodeal and there were issues spotted in these developer kits.
As per the TechCrunch report, it mentioned that Google has already removed these three apps – Princess Salon, Number Colouring and Cats & Cosplay from the Google Play Store soon after the IDAC reported them. A Google spokesperson told the publication that “We can confirm that the apps referenced in the report were removed. Whenever we find an app that violates our policies, we take action.”
IDAC states that there were some issues found in the data collection practices by three software development kits which were used within those apps. The three SDKs which were used in those apps are Unity, Umeng, and Appodeal and these were reportedly not in agreement with broader Google Play policies around data collection. For instance, specifically some versions of Unity’s SDK were collecting both user’s AAID and Android ID simultaneously which was against Google’s privacy policies. Due to this, it could have allowed developers to bypass privacy controls and track users over time and across devices.
IDAC explains in its blog that “The AAID is Android’s unique ID used for advertising and, unlike the Android ID (another Android unique identifier); users have the ability to reset their AAID. However, when the AAID is linked, or “bridged” with the non-resettable Android ID, it allows companies to track users; ID bridging ultimately makes the AAID’s ability to be reset by users moot.“
As reported by IDAC, there were neither any known violations nor were there any details shared on how much data was compromised by these apps. However, this highlights the tangled nature of software and the potential risks involved even when there are compassionate app producers out there.