Friend
Professional
- Messages
- 2,659
- Reaction score
- 867
- Points
- 113
The study found that many educational platforms are asking for sensitive data.
A study by Cybernews found that popular educational apps such as Coursera, Duolingo, Moodle, and Udemy have access to users' personal data. Technology is being actively introduced into the educational process in schools and universities, with Generation Z becoming the main driver of this process. However, along with the convenience of using applications, the question of personal data protection arises.
The education app sector is growing rapidly. According to Business of Apps, 709 million people used learning apps in 2023, generating $5.93 billion in revenue. It's no surprise that the education sector is the second most popular on the Google Play Store and the third most popular on the Apple App Store.
However, users can pay for the convenience and interactivity of learning with their privacy. The Cybernews team conducted a study of top educational apps and found that many of them request access to sensitive user data.
The methodology of the study included the analysis of 25 popular educational apps with millions of downloads on the Google Play Store. Experts evaluated what permissions applications request and what privacy implications may arise. Google explains that permissions in Android help users control what data and features on their device apps can use, which provides additional protection for personal information.
Ideally, developers should only request permissions that are necessary for the app to function. However, the results of previous research by Cybernews, including the example of airline apps and travel planning, have shown that this rule is not always followed. Users should be careful about permissions, especially those related to access to personal information, such as location, camera, contacts, or data storage.
While access to data does not necessarily lead to misuse, there is always a risk. The Cybernews team asked application developers why their programs need such permissions, but did not receive answers.
The study identified "champions" in the number of confidential permissions requested. The leader was the San Francisco-based Remind app, which provides communication services for schools. It asks for 12 confidential permissions. It is followed by the online learning platform Coursera (11 resolutions), the AI homework assistant Question.AI (10), the course management systems Moodle (10) and ClassDojo (9).
The camera has become one of the most frequently requested components of devices. Camera access allows apps to take photos, record videos, and make video calls, making it easier to create content and interact with the app. For educational purposes, the camera is used, for example, to create pictures that can be uploaded to the app. However, if access to the camera is compromised, attackers can gain the ability to use the camera and microphone without authorization. A total of 17 tested educational apps have access to the camera:
Five apps, including Coursera and Duolingo, ask for excessive and potentially harmful permissions to access accounts on the device. This access allows the app to get a list of accounts registered on the device, such as Google, Meta, and Samsung. Account information may contain sensitive information, including email addresses, usernames, and account IDs.
The Duolingo app asks for permission to access the contacts stored on the device. Contact information is considered sensitive because it may contain personal information about friends, family, colleagues, and acquaintances, including names, phone numbers, and email addresses.
Accessing the data storage on the device can also carry risks. The study found that 21 of the tested apps have the ability to write data to the device's storage, and 20 apps can read files. The PictureThis app, for example, has access to the geolocation of images, which allows it to know where the pictures were taken.
Some apps ask for data about the status of the phone, including the phone number and IMEI codes. Khan Academy, Question.AI, and Remind apps require access to such information, which can be used to intercept communications and identify the device.
Ten of the apps reviewed can access the device's microphone, including Blackboard Learn, Canvas Student, Canvas Teacher, ClassDojo, Duolingo, Moodle, Lingokids, PBS Kids, Question.AI, and Remind. While this feature may be necessary during the training process, if used incorrectly, it can lead to unauthorized surveillance and capture of confidential conversations.
The Remind platform requires users to grant permission to access calls, SMS messages, and Bluetooth. If used incorrectly, these permissions can lead to privacy violations and fraudulent communications.
Four of the apps tested were able to access the approximate location of users: ClassDojo, Moodle, Question.AI, and Sololearn. Two apps – Moodle and Question.AI – have access to the exact location. Location permissions are considered particularly sensitive because they give the app access to precise information about the location of the device.
To protect data, Cybernews recommends that you always carefully study what permissions are requested by applications and, if they seem excessive, refuse to use such applications.
Source
A study by Cybernews found that popular educational apps such as Coursera, Duolingo, Moodle, and Udemy have access to users' personal data. Technology is being actively introduced into the educational process in schools and universities, with Generation Z becoming the main driver of this process. However, along with the convenience of using applications, the question of personal data protection arises.
The education app sector is growing rapidly. According to Business of Apps, 709 million people used learning apps in 2023, generating $5.93 billion in revenue. It's no surprise that the education sector is the second most popular on the Google Play Store and the third most popular on the Apple App Store.
However, users can pay for the convenience and interactivity of learning with their privacy. The Cybernews team conducted a study of top educational apps and found that many of them request access to sensitive user data.
The methodology of the study included the analysis of 25 popular educational apps with millions of downloads on the Google Play Store. Experts evaluated what permissions applications request and what privacy implications may arise. Google explains that permissions in Android help users control what data and features on their device apps can use, which provides additional protection for personal information.
Ideally, developers should only request permissions that are necessary for the app to function. However, the results of previous research by Cybernews, including the example of airline apps and travel planning, have shown that this rule is not always followed. Users should be careful about permissions, especially those related to access to personal information, such as location, camera, contacts, or data storage.
While access to data does not necessarily lead to misuse, there is always a risk. The Cybernews team asked application developers why their programs need such permissions, but did not receive answers.
The study identified "champions" in the number of confidential permissions requested. The leader was the San Francisco-based Remind app, which provides communication services for schools. It asks for 12 confidential permissions. It is followed by the online learning platform Coursera (11 resolutions), the AI homework assistant Question.AI (10), the course management systems Moodle (10) and ClassDojo (9).
The camera has become one of the most frequently requested components of devices. Camera access allows apps to take photos, record videos, and make video calls, making it easier to create content and interact with the app. For educational purposes, the camera is used, for example, to create pictures that can be uploaded to the app. However, if access to the camera is compromised, attackers can gain the ability to use the camera and microphone without authorization. A total of 17 tested educational apps have access to the camera:
Five apps, including Coursera and Duolingo, ask for excessive and potentially harmful permissions to access accounts on the device. This access allows the app to get a list of accounts registered on the device, such as Google, Meta, and Samsung. Account information may contain sensitive information, including email addresses, usernames, and account IDs.
The Duolingo app asks for permission to access the contacts stored on the device. Contact information is considered sensitive because it may contain personal information about friends, family, colleagues, and acquaintances, including names, phone numbers, and email addresses.
Accessing the data storage on the device can also carry risks. The study found that 21 of the tested apps have the ability to write data to the device's storage, and 20 apps can read files. The PictureThis app, for example, has access to the geolocation of images, which allows it to know where the pictures were taken.
Some apps ask for data about the status of the phone, including the phone number and IMEI codes. Khan Academy, Question.AI, and Remind apps require access to such information, which can be used to intercept communications and identify the device.
Ten of the apps reviewed can access the device's microphone, including Blackboard Learn, Canvas Student, Canvas Teacher, ClassDojo, Duolingo, Moodle, Lingokids, PBS Kids, Question.AI, and Remind. While this feature may be necessary during the training process, if used incorrectly, it can lead to unauthorized surveillance and capture of confidential conversations.
The Remind platform requires users to grant permission to access calls, SMS messages, and Bluetooth. If used incorrectly, these permissions can lead to privacy violations and fraudulent communications.
Four of the apps tested were able to access the approximate location of users: ClassDojo, Moodle, Question.AI, and Sololearn. Two apps – Moodle and Question.AI – have access to the exact location. Location permissions are considered particularly sensitive because they give the app access to precise information about the location of the device.
To protect data, Cybernews recommends that you always carefully study what permissions are requested by applications and, if they seem excessive, refuse to use such applications.
Source
