The three apps include: Number Colouring, Princess Salon, and Cats & Cosplay. These apps saw a total download volume higher than 20 million. IDAC states that certain problems were found in the data collection practices by three software development kits employed within the apps’ frameworks.
The three software development kits (SDKs) used in the apps; Umeng, Unity, and Appodeal were not in compliance with Google Play policies concerning data collection. In some cases, certain versions of Unity’s SDK were collecting users’ Android ID and AAID simultaneously, clearly breaking Google’s privacy policies. It is also believed that these loopholes could allow developers bypass privacy controls and track users across devices. However, IDAC have not released any details telling how much user data was compromised by these apps. This comes months after Play Store got rid of hundred of apps described as “creepware”. This incident sheds light on the complex nature of certain apps and the need for regulating platforms to ensure the safety and privacy of users round the clock. References