Analysis of 38 commonly used baby apps suggests many are “hardcoded” to be able to access, and potentially share, data such as photos, family routines, gender, age, date of birth, behavioural, developmental and health information, baby sleep patterns and BMI.

Additional data including a user’s location, phone number access, user identifiers and microphone and camera access can be granted through additional “invasive” permissions, researchers have found.

Many parents struggle to make informed decisions regarding app use due to confusing privacy conditions, according to researchers Katrin Langton from the ARC Centre of Excellence for the Digital Child at Deakin University and Rebecca Ng from the University of Wollongong.

“While many commercial baby apps are ‘free’ to download and use, users effectively ‘pay’ by consenting to the collection and sharing of their personal data for a wide range of uses beyond the context of the particular app,” Dr Langton said.

She said for some apps, the “level of monetisation through the sharing of user data with third parties is disproportionate, arguably bordering on exploitation”.

The 38 apps examined contained a total of 293 tracking signatures, with 58 unique trackers across the sample, and an average of seven trackers per app.

Some of these include potentially “dangerous” permissions which include allowing access to the user’s camera and other personal data stored on the phone.

Dr Langton said persistent tracking, aggregation and linking up of user data can “allow re-identification of users, even when individual data sets have been anonymised”.

“These practices pose risks to the data privacy of users – and potentially their children. Yet, users frequently feel there is no ability to opt-out of data-sharing or to provide meaningful consent, as mobile apps’ privacy policies are often excessively long, vague, and contradictory,” she said.

“For users, baby apps’ data may only be relevant for a short period of the life-course. Yet, the data produced and shared during app use may persist and circulate via a wide range of online data-sharing and brokering networks,” Dr Langton said.

The research comes as the United Nations Convention on the Rights of the Child has also been extended to children’s digital rights.

In Australia, children’s online rights have been included in the Privacy Act, with the Children’s Online Privacy Code currently under development. However, there are early indications that only digital technologies and data that are used and shared by children themselves will be protected under the code.

What the researchers found

amma

Researchers found amma has a high number of invasive app permissions and tracking signatures embedded into its code, but at the same time, its privacy policy is very comprehensive and provides detail and context for the wide range of user tracking it engages in.

Flo

Flo similarly provides a comprehensive policy, including a range of visualisations to make otherwise elusive data-sharing practices easier to understand. However, researchers identified some discrepancies between the use of analytics tracker, AppsFlyer, and the sharing of data with third parties.

Huckleberry

Of the three apps analysed, Huckleberry indicated it collected the most personal and wellbeing information about children from parents. This is not surprising considering the premise of the app: a baby-tracker that provides parents with sleep plans, schedules, etc. of infants and toddlers based on the data shared.

What should parents do?

In the absence of regulatory frameworks that adequately protect children’s data in baby apps, families should:

■ Regularly check and update app permissions in phone and app settings.

■ Delete apps that are no longer in use to minimise the risk of ongoing data collection, and where possible contact the app provider to ask for already collected data to be deleted.

■ Read privacy policies – while they may be convoluted, they can help users make better-informed decisions about the ways they share personal and sensitive information about themselves and their children.

Both Apple and Google app stores also provide privacy summaries which can quickly inform users on how an app may collect and share data.

These summaries are basic but can serve as a point of comparison before downloading a particular app and can be used alongside other privacy-oriented services such as Exodus Privacy.

More Coverage

Avoid the app trap: Experts share tips for newborn parenting success

Darcy Fitzgerald

‘My phone is always buzzing’: New reason Aussie parents are exhausted

Lauren Novak, Kate Uren

Originally published as Tech firms behind popular baby apps are harvesting and potentially on-selling mums and bubs’ private data, experts warn