Revealed: Top 10 most privacy-invasive educational apps on Android
While it is no secret that app manufacturers collect insights and information about their users, it is a much bigger issue among educational apps since they are highly used by children. As study season is approaching, the Atlas VPN team decided to look at the privacy of popular educational apps and see how much user data they gather.
According to the Atlas VPN research, 92% of educational apps on Android collect user data. Language learning app HelloTalk and learning platform Google Classroom developed by the tech giant, top the chart as the most privacy-invasive, collecting user information across 24 segments within 11 data types.
A segment is a data point such as name, phone number, payment method, and precise location that are grouped in broader data types such as personal information, financial information, and location.
For this report, the Atlas VPN team analyzed the Google Play app profiles of 50 popular Android apps within the education category. The apps were ranked based on how many user information segments they collect.
The apps for analysis were picked from various top Android application charts for 2022, including Sensor Tower and Similar Web. The analyzed apps encompass a mix of ed-tech apps, virtual classroom apps, study help, language and musical instrument learning apps, educational games, online course apps, and book reader apps.
The second place on the list is occupied by the leading language learning app Duolingo and a communication app for teachers, parents, and students, ClassDojo. Each of the apps collects user information from 18 segments.
Meanwhile, the online education subscription platform MasterClass collects user information across 17 segments, followed by the interactive learning platform Seesaw, which gathers data from 15 segments.
Other apps in the top ten include learning management app Canvas Student (14), education communication app Remind (14), digital education app for children ABCmouse (14), and knowledge-sharing student community app Brainly (14).
The most commonly collected data type includes personal information, such as name, email, phone number, address, user ID, or similar. It is collected by 90% of educational apps.
Next up is identifiers that relate to an individual device, browser, or app (88%), app info and performance, such as crash logs and diagnostics (86%), app activity, such as in-app search history, and other apps user has installed (78%), photos and videos (42%), and financial data, such as user payment info and purchase history (40%).
Over a third (36%) of apps also collect location data, followed by audio (30%), messages (22%), files and documents (16%), calendar (6%), contacts (6%), health and fitness (2%), and web browsing (2%).
Of the analyzed apps, only 2 (4%) do not collect any user data, while 2 apps do not provide any information on their collection practices.
70% of educational applications share your data with third parties
While many apps were found to collect user data, some apps go a step further and share user data with third parties. In total, 70% of educational applications on Android were found to disclose some of their user data to third parties.
Personal information is the most commonly shared type of user data. In total, 46% of apps were found to share this information with third parties.
Next are identifiers related to an individual device, browser, or app. They are shared by 44% of educational apps on Android, followed by app activity (38%) and app info and performance (34%).
Other user data educational apps disclose to third parties include location (12%), photo and video (4%), audio (4%), and messages (2%).
All in all, while some of the collected user information might be necessary for the provision of the services of these educational apps, we found many of the collection practices excessive.
Even more problematic is that most apps transfer sensitive data to third parties, ranging from user name to user location, contact details, and photos, that can be later used to create a profile of who you or your children are.
How to minimize the data you share with apps
- Do not disclose your real information. When signing up for the app, use a fake name instead of your real name. Make sure to use an email address that does not have your real name; otherwise, provide as little information about yourself as possible.
- Adjust the app's settings. Some apps provide the possibility to limit some of the data that's collected in the settings. You can also disable some app permissions in the settings of your smartphone. While some permissions might be necessary for the app to function, others might not impact the app's functioning much.
Checkout our article for more cybersecurity tips for the next school year.