60% of School Apps are Sending Student Data to Potentially High-risk Third Parties Without Knowledge or Consent According to New Research from Me2B Alliance
Research uncovers disturbing findings around privacy concerns with the use of school applications
What you need to know:
- 60% of school apps were sending student data to a variety of third parties, including advertising platforms like Google and Facebook
- On average, there were more than ten third-party data channels per app
- Public-school apps are more likely to send student data to third parties than private-school apps (67% public vs. 57% of private school apps)
- 18% of public-school apps included very high-risk third parties – i.e., third parties that further share data with possibly hundreds or thousands of networked entities
- Android apps are much more likely than iOS apps to be sending data to third parties and are much more likely to be sending to high or very high-risk third parties
Me2B Alliance, a nonprofit industry group focused on respectful technology, today published a research report to drive awareness to the data sharing practices of education apps associated with schools and school districts. According to the research findings, 60% of school apps were sending student data to a variety of third parties, including advertising platforms like Google and Facebook.
The Me2B Alliance Product Testing team audited a random sample of 73 apps from 38 schools in 14 states across the U.S., covering over half a million people (students, their families, educators, etc.). The audit methodology mainly consisted of examining data flow from the apps to external third-party vendors. The report, “School Mobile Apps Student Data Sharing Behavior,” is available for download at no charge.
Most mobile apps are built with software development kits (SDKs), which provide developers with pre-packaged functional modules of code and the potential of creating persistent data channels directly back to the third-party developer of the SDK. As part of the analysis, the magnitude of third-party data sharing in educational apps, as evidenced by the number of SDKs included in apps, was examined.
Key takeaways from the report:
- There is an unacceptable amount of student data shared with third parties – particularly advertisers and analytics platforms – in school apps.
- School apps – whether iOS or Android, public or private schools – should not include third-party data channels.
- iOS apps were found to be safer than Android apps, and with ongoing improvements, the “privacy gap” will widen unless Google makes some changes.
- People still have too little information about which third parties they’re sharing data with, and the app stores (Apple and Google Play) must make this information more clear.
“The findings from our research show the pervasiveness of data sharing with high-risk entities and the amount of people whose data could be compromised due to schools’ lack of resources,” said Lisa LeVasseur, executive director of Me2B Alliance. “The study aims to bring these concerns to light to ensure the right funding support and protections are in place to safeguard our most vulnerable citizens – our children.”
Download the report, “School Mobile Apps Student Data Sharing Behavior,” at no charge. School systems looking for more information can contact admin@internetsafetylabs.org. Organizations interested in advancing standards in ethical data and mobile and internet practices can visit the website to learn more about Me2B Alliance membership.
About the Me2B Alliance
The Me2B Alliance is a nonprofit fostering the respectful treatment of people by technology. We’re a new type of standards development organization – defining the standard for respectful technology. Scenarios like the ones described in this report – where user data is being abused, even inadvertently – highlight the types of issues we are driven to prevent through independent testing, as well as education, research, policy work, and advocacy.
Press
Friday, May 7, 2021
It was 7:30 Tuesday morning when the Me2B Alliance published its new Spotlight Report on School Mobile Apps Data Sharing Behavior. By lunchtime, the nonprofit’s research was reported on the national news. The Washington Post, Gizmodo, Apple Insider, American Online News, AdExchanger, and MSN picked up the story, as did a growing list of other carriers (links below), resulting in a boost to the visibility of the Me2B Alliance’s findings about the widespread and risky sharing of students’ personal information by school’s utility apps.