For instance, app developers and advertisers aren’t supposed to obtain the unique digital code that’s programmed into every phone. This code could be used to track everything done on a phone for its entire lifetime. And since some apps also ask for a user’s name, those actions could be associated with specific person.
Under federal law, this kind of sensitive data is never to be downloaded from a device used by a child under age 13 without parental consent. But in a report last year, Egelman said that of the 5,000 apps specifically developed for children that he tested, more than half transmitted phone ID codes or other sensitive data that could help to identify the users without permission. This would appear to violate a federal law enacted in 2000 to protect the online privacy of children.