As educators and parents struggle to adapt to social distancing requirements amid the continuing COVID-19 pandemic, education technology apps have become an increasingly popular tool to assist with remote teaching and learning. To assist in ensuring the trustworthiness of the ed tech app ecosystem, the International Digital Accountability Council (IDAC) today released the results of its investigation into the privacy practices of nearly 500 global ed tech apps spanning 22 countries.
Although the report does not identify instances of egregious or intentional misconduct, IDAC’s investigation highlights several areas where ed tech apps’ privacy and security practices need improvement, including overcollection of user location information and persistent identifiers; third-party data sharing concerns; security lapses; bypassing privacy-enhancing features; and privacy concerns relating to the inclusion of advertising, analytics, and social media software development kits (SDKs).
“The COVID-19 pandemic has caused drastic changes in the way we educate our children,” said IDAC President Quentin Palfrey. “For many parents and teachers, that has meant a greater reliance on distance learning tools such as ed tech apps. As parents, teachers, and schools scramble to prepare for teaching and learning this fall, it is important to take a close look at the privacy and security features of ed tech apps that are likely to see much greater use.”
As part of the investigation, IDAC investigators tested 98 unique apps across both iOS and Android that were available to download in the Google Play Store and Apple App store across 22 countries as of July 15, 2020. The team also ran automated tests on 421 Android apps.
These apps encompass a mix of ed-tech apps, virtual classroom apps, educational content apps, language learning apps, learning games, library or book reader apps, study help, and team communication tools that are deployed in the context of remote learning. The IDAC team identified these apps by conducting teacher surveys and reviewing the top educational apps on the Google Play Store across 22 countries.
“Overall, our investigation shows that most ed tech companies are taking careful steps to protect the privacy and security of users,” Palfrey said. “At the same time, our investigation uncovered areas where there is considerable room for improvement.”
Specifically, the investigation found five key areas where ed tech apps fell short of best privacy and security practices. Some of the ed tech apps the team analyzed: (1) share location data and persistent identifiers with third-parties; (2) expose personal data in their URLs, raising security concerns; (3) allow a large number of third-parties to collect user information; (4) engage in ID-bridging, a practice that allows apps to circumvent users’ privacy controls; and (5) embed potentially invasive and unnecessary software development kits (SDKs).
“We are encouraged that the majority of the ed tech apps the IDAC team tested act in ways that align with users’ privacy expectations,” said Palfrey. “Our hope is that ed tech companies can review the privacy gaps our team has identified in this report in order to promote user trust as users continue to look for ed tech tools to assist in distance learning during the pandemic.”
You can read the full investigation here or download the report below.