The COVID-19 pandemic saw schools nationwide shift to digital services as a way to keep kids safely educated during months-long lockdowns. Now, new research suggests that move might have subjected those students to an unprecedented amount of surveillance, too.
According to a more than 133-page report published Tuesday by the tech-focused nonprofit Internet Safety Labs (ISL), the vast majority of apps that schools suggest (or sometimes require) students download are sharing their data with third parties. More than two thirds of those apps—78%—were caught sharing data for the purposes of monetizing those students in some way, while nearly all (96%) were caught sharing students’ device data with some sort of tech company, like Google
To come up with those figures, the ISL Team took a random sample of 13 schools in each state, and went over each school’s website “with a fine toothed comb,” to figure out which apps schools required or suggested students download . Of the 633 schools surveyed, the team found 11 apps being either suggested or required on average. But some individual schools took things a bit further. Mountain Phoenix Community School, a public school in Colorado, for example, suggested students download more than 1,400 apps, the report said.
According to Lisa LeVasseur, ISL’s Executive Director, this “more is better” approach to apps “comes from a good place.”
“I think they’re just trying to give students support,” LeVasseur said. “They’re saying ‘Oh, there’s all this technology out there that can help you succeed.’ I don’t think they’re thinking about harms; they’re just trying to be helpful.”
And in some cases, these apps are genuinely helpful; the 1,722 apps that the team surveyed included “school utility apps” meant to keep students (and parents) abreast of changes to bussing schedules or potential snow days. Other apps were meant to make it easier for students to send photos for their schools’ yearbook, or to log in for attendance virtually.
Of these apps, the team found 68% sending some sort of device data—like a phone’s location, or a students’ login details—to Google. Some 34% of those same apps were caught sending similar data to Apple
Nearly a quarter of these apps (23%) were caught running ads in-app, and were sharing data with some sort of lesser-known advertising entity in order to run those ads. Some of these companies included Apptegy, a marketing platform for schools, and InMarket Media, a self-defined data broker specializing in device location data.
Online digital advertising uses labyrinthian networks to ingest data for ad targeting. As Irene Knapp, ISL’s technology director put it, there’s “no way” to establish whether a given data point was sourced from a child—and no way to know which company might use that data for tracking down the line.
“At the end of the day, these apps are commercial undertakings, and children are the product,” she said. “For now, the best we can do [for them] is demand better.”