23 Apr School Apps Are Collecting Kids’ Data — Often Before They Even Start Learning

Posted at 06:30h in Editors Picks, Inform, Uncategorized, Validate by

New Australian research from the UNSW Institute for Cyber Security, has found many school-approved apps begin collecting children’s data within seconds — often without clear consent. Here’s what families and educators need to know, and what can change.

The hidden cost of “trusted” school apps

Parents and teachers often assume that apps recommended by schools are safe. But new research from the UNSW Institute for Cyber Security suggests that trust may be misplaced.

An audit of nearly 200 school-endorsed apps found many begin collecting sensitive data almost immediately — sometimes before a child even taps the screen.

As classrooms increasingly rely on digital tools, the findings raise important questions about privacy, oversight and who is really responsible for protecting children online.

Data collection starts instantly

One of the most concerning findings is just how quickly data collection begins.

The study found that almost 90% of apps started transmitting data to third parties as soon as they were opened — even without any interaction.

This data can include:

  • Device identifiers
  • Location-related information
  • Tracking data used for analytics or advertising

In many cases, these tracking tools — such as analytics software — are not necessary for the app’s educational function.

Privacy policies: too complex — or not accurate

Even when apps provide privacy policies, they’re often not helpful to families.

Researchers found:

  • Only 3% of policies were easy to understand
  • Most required university-level reading skills
  • Many didn’t match what the app actually did

In fact, only about one in four apps accurately described their data practices.

Some apps that claimed “no data collection” were found transmitting identifiers within seconds of opening. Others promised “no tracking” but still sent data to analytics platforms.

For parents, this means reading the policy may not give a clear or reliable picture.

“Kids” apps aren’t safer

Apps marketed specifically for children — using terms like “Kids”, “Preschool” or “ABC” — might seem more trustworthy. But the research found that’s not the case.

In some instances, child-focused apps performed worse when it came to transparency and data practices.

Researchers described this as an “illusion of safety” — where branding builds trust without delivering stronger protections.

Security risks add another layer

Beyond privacy concerns, the study also identified technical security issues.

Around 80% of apps contained “hard-coded secrets” — embedded passwords or keys that could potentially be accessed if the app was reverse-engineered.

While this might sound highly technical, it points to a broader issue: many apps used in schools may not meet strong security standards.

Who’s checking these apps?

Perhaps most concerning is the gap in oversight.

Schools typically rely on approved app lists from education departments. These lists are assumed to reflect thorough vetting — but the research suggests otherwise.

According to the study, assessments often:

  • Focus on surface-level features
  • Don’t test how apps behave in real time
  • Don’t evaluate how readable or accurate privacy policies are

Teachers, already stretched for time and resources, may not have the capacity to assess these risks themselves. Parents, meanwhile, trust that approval means safety.

What needs to change

The researchers argue that responsibility shouldn’t fall on families alone — and that broader, system-level change is needed.

Key recommendations include:

  • Clear, plain-language privacy policies for parents
  • Stronger regulation of “child-directed” apps
  • Limits on data collection before a user interacts with an app
  • Better vetting processes by education systems

One proposed solution is a simple “traffic light” rating tool that would give parents an easy-to-understand snapshot of an app’s privacy and security risks.

What parents and educators can do now

While larger changes take time, there are a few practical steps families and schools can take:

  • Ask questions: What data does this app collect — and why?
  • Limit access: Only download apps that are genuinely needed
  • Review permissions: Check what the app can access on the device
  • Stay informed: Keep an eye on school communications about digital tools

The bottom line

Digital learning is here to stay — and it brings real benefits. But this research highlights a gap between what we assume is safe and what’s actually happening behind the screen.

For parents and educators, it’s not about avoiding technology altogether. It’s about asking better questions — and pushing for systems that genuinely put children’s safety first.

“Analysing Privacy Risks in Children’s Educational Apps in Australia,” was conducted by Sicheng Jin, Rahat Masood, Jung-Sook Lee, and Hye-Young (Helen) Paik at the University of New South Wales, with funding from the UNSW Human Rights Institute. It was presented at the Symposium on Usable Security and Privacy (USEC) in February 2026.

 

RELATED POSTS

young-girl-in-bed-on-smartphone2160Google promotes ‘teacher approved’ apps for kids. Here’s what parents should know. measles boyThere is a new measles alert in Australia Most adults will gain half a kilo this year – and every year
Tags:
, , , , , , ,
Print page
Editor
editor@childmags.com.au