New study finds 60% of apps used by U.S. schools share student data with third parties, sometimes without user consent ↺
With the shift to remote learning for schools across the United States, many students find themselves using more apps and software for their education than ever before. However, a new study by the Me2B Alliance (a non-profit that focuses on creating a safer digital world) found that 60% of apps used by schools in the U.S. share student data with third parties.
The report, published today, analyzed 73 mobile apps used by 38 schools in 14 states. The study included over 500,000 students, parents, teachers, and others who use the apps. The Me2B Alliance (Me2BA) found that 60% of these apps shared student data with multiple third-party vendors, including Google and Facebook’s respective advertising platforms. On average, the study found that an app sent data to 10.6 third-party channels.
(As a point of clarity, a "third party" in this instance commonly refers to an organization, company, or other entity that has little to no direct involvement in the development, maintenance, or administration of a particular piece of software. In essence, a third party is typically someone not directly involved with the app’s primary function.)
Perhaps more alarming is that Me2BA found 18% of apps used by public schools in the study send data to what it calls “very high-risk third parties,” which are vendors that further share data in networks consisting of hundreds or thousands of other entities.
The apps were spread across both Android and iOS systems. Android apps were found to send student data to third parties at a significantly higher rate than iOS apps.
Many of the apps would access a variety of user information, including advertising IDs, calendars, contacts, photos, media, network identification (including IP addresses), and local storage. Some apps would also request access to a device's camera, microphone, device ID, or call information.
Data sent typically included unique identifiers that could be used by third parties to build a profile for particular students, helping advertisers and other entities track and better target particular students.
85% of the schools included in the analysis served students under the age of 13. It should be noted that the study did not look into how third parties receiving student data handled the data sent to them. The Children’s Online Privacy Protection Act of 1998, or COPPA, outlines strict stipulations concerning the handling of data for individuals under the age of 13.
Another key point of the study found that students and other users did not need to be logged into an app for it to send data to third parties. In other words, many of the apps analyzed would begin sending data as soon as the app launched.
While it is common for apps on mobile devices to share user data with third-party services, many have expressed concern about this practice with regard to educational apps, particularly those used directly by students. It seems that many apps K-12 students in the United States use are indeed sending user data to third parties, many of whom remain unknown. Further still, it appears this data is often sent without the knowledge of the user.
You can read the entire report here.
What do you think of the Me2BA’s report on student data? Let us know in the comments.