The report tracked 164 educational apps and websites from these countries, including some from India. In its analysis of the apps, HRW found that of the 164 apps and websites, as many as 146 or 89 per cent engaged in some behaviour which put the safety, privacy and confidentiality of children using these platforms for education, at risk.
In India, HRW analysed apps such as Diksha, which is an initiative of the National Council of Educational Research and Training (NCERT) and is run and managed by the Ministry of Education, the e-pathshala app, which is also managed by the NCERT, as well as privately run Khan Academy, Smart Q, and Top Parent.
The analysis found that these apps indulged in practices such as collecting the android identity of devices, using fingerprinting to identify the device, collecting precise location data, and installing software development kits (SDK) which were not necessary for the functioning of the app but collected information for advertising.
For example, HRW’s analysis found that the government-run app Diksha collected information such as the device’s precise location data, including the date and time of their current location and their last known location.
“Diksha also granted access to its students’ location data to Google, through the two SDKs—Google Firebase Analytics and Google Crashlytics—embedded in the app. Through dynamic analysis, Human Rights Watch observed Diksha collecting and transmitting children’s AAID to Google. It appears that Diksha shares children’s personal data with Google for advertising purposes,” HRW said in its report.
Discover the stories of your interest
Similarly, an analysis of Khan Academy and Smart Q found that these apps had, within their apps, SDKs, which were not necessary or crucial to the functioning, but collected data and transmitted it to third party advertising technology firms. HRW also said that these apps did not allow the users, which were mostly children, the option to deny their data being shared with a third party.
“While some SDKs provide core functionality that is needed for an app to work or to improve its technical performance, others are designed solely for advertising—to track users’ actions within the app, guess at their preferences, and display the most persuasive ad at the most persuasive time. Still, other SDKs provide tracking services that are designed to secretly collect data about the user that can later be compiled and sold,” HRW said in its report.
