Profiles Of Child Users

PUBLISHED: 7:45 PM 14 Sep 2018

Google And Twitter Let A Lithuanian Game Developer Track Children

Tiny Lab put children under the microscope ‘as they play,’ to ‘exfiltrate’ user data and the child’s location to within 15 feet.

Tiny Lab worked “together” with Google, Twitter, and their advertising agents to embed “bits of coding” they call “software development kits” allowing their games to “communicate directly with the advertisement companies.”

Google and Twitter allowed games “clearly and indisputably designed for children,” by Lithuanian company Tiny Lab Productions, to illegally “exfiltrate children’s data as they play,” including “precise location within 5 meters (15 feet).” The developer then allegedly sold the demographic characteristics and online activity of the young children to third party advertisers, all without parental consent.

The developer’s “Racing Games” were yanked from Google Play the same day that New Mexico’s Attorney General Filed suit in the U.S. District Court. The games are believed to be ones that “analyzed” and “stored” data, used to “build increasingly-detailed profiles of child users.” The data was also allegedly “shared with and sold to myriad third parties so that each can continue to build their own profiles.”

Many parents are understandably upset too, wondering if the information could have ended up in the hands of predators too.

According to the complaint, Tiny Lab worked “together” with Google, Twitter, and their advertising agents to embed “bits of coding” they call “software development kits” allowing their games to “communicate directly with the advertisement companies” sending “data and advertisements back and forth.”

Attorney General Hector Balderas, filed the lawsuit on September 11, naming Google Inc. and their associated ad company AdMob, Twitter and their MoPub advertising branch, along with “mobile marketing and advertising” companies AerServ, AppLovin, ironSource USA Inc. and InMobi PTE.

According to Balderas, the prime data targets are what’s called “persistent identifiers.” They follow you around like a social security number and “can link an individual to their devices’ apps, then track that user across other devices.”

The complaint alleges that kind of activity violates the Children’s Online Privacy Protection Act, which restricts data collection on children younger than 13. “All of this activity serves one primary purpose: to learn more about the child in order to send her highly-targeted advertisements,” Balderas declares in the complaint.

The lawsuit explains that COPPA “requires that parents be provided complete disclosure of information being collected from their children and how it will be used after providing explicit consent to collect that information.

Tiny Labs denies violating COPPA “as far as we know.”

“We have an age gate to determine the user’s age by asking their birth date as per FTC guidelines,” Tiny Labs claims on their website. “If, according to the entered birthdate, the user is under 13 none of the personal information is collected.”

If a child lies about their age it isn’t their problem, they evade, and for children over 14 “COPPA simply does not apply.”

Central to the legal complaint, a research study conducted by the Berkeley campus of University of California indicated that Tiny Labs did violate the child protecting regulations.

The developer argues that the study is flawed because it was done “with automated tools where nobody actually read the privacy policy, terms of use or entered the correct information into age gate.”

What they don’t say is the percentage of children under 13 who read the terms of use, enter the correct information, or ask their parents for permission.

“We use industrywide practices and publicly available guidelines issued by government to ensure the privacy and safety of players under 13 years old. We have taken all measures available to us to protect privacy of young players,” challenges Jonas Abromaitis, CEO of Tiny Lab.

They’re perfectly free to go for the jugular on children older than 13 even if they aren’t old enough to drive or join the military, they want the public to believe.

Amazingly, the employees of major Silicon Valley technology firms like Google and Apple send their kids to special low tech schools. They don’t want their kids exposed to iPads and electronics until after they learn the classics.

“The tech-free teaching methods” at Waldorf school “are designed to foster a lifelong love of learning and teach students how to concentrate deeply and master human interaction, critical thinking, creativity, and problem-solving skills.”

The schools’ philosophy is that students should “experience literature, math, and science—along with visual and performing arts, in a developmentally appropriate way,” Liz Dwyer writes.

Twitter pulled the plug on Tiny Lab a year ago. A spokesperson for the social media giant emailed The Recorder, “Tiny Lab was suspended from the MoPub platform in September 2017 for violating our policies regarding child-directed apps.”

“As per our privacy policy, MoPub does not permit the MoPub Services to be used to collect information from apps directed to children under the age of 13 for purposes of personalized advertising.”

Not only is Tiny Lab accused of violating COPPA, they are also being charged with violations of New Mexico’s Unfair Trade Practices Act.

The complaint also alleges “material misrepresentations and omissions,” which basically means lying about something important or intentionally leaving something important out, regarding “public facing documents such as websites, privacy policies, marketing materials, app interfaces, and public statements.”

What the state hopes to gain from the lawsuit is an order from the Judge granting “injunctive relief.” The court can make Tiny Lab stop the illegal tracking practices and also force them to destroy any data they illegally collected already.

On top of the order, the state is asking for “punitive” damages which amounts to a heavy fine on the company to serve as an example and deter other software developers from doing the same thing.

In order to get the punitive damage award, the Attorney General will need to prove that the “malicious, oppressive, and willful” actions of the defendants were “calculated to injure New Mexico citizens and made in conscious disregard of New Mexico citizens’ rights.”

Social media mega-corporations like Google have been under a barrage of constant fire recently for their practices both on the data collection and distribution sides. On the one hand, they seem to obsessively track and analyze their users while on the other it appears they only show screen results they want the user to have.

Google was dragged into the Northern District of California U.S. District courtroom recently over data collection practices. The suit alleged “surreptitious user location tracking,” after an Associated Press news report suggesting that, “Google was tracking user location even when they arranged their privacy settings to do otherwise.”

Facebook faces similar charges to Tiny Lab in the California Northern District. A pair of lawsuits are pending charging Facebook with “collecting and sharing user data with third parties to build profiles.”