On the conformance of Android applications with children's data protection regulations and safeguarding guidelines

Abstract: With the rapid development of online technologies and the widespread usage of mobile phones among children, it is crucial to protect their online safety. Some studies reported that online abuse and incidents negatively affect children's mental health and development. In this paper, we examine how Android applications follow the rules related to children's data protection in the EU General Data Protection Regulation (GDPR) and the UK and EU children's online safeguarding guidelines. Our findings show that the number of non-compliant apps is still significant. Even the apps designed for children do not always comply with legislation or guidance. This lack of compliance could contribute to creating a path to causing physical or mental harm to children. We then discuss the relevance of automating the compliance verification and online safety risk assessment, including open questions, challenges, possible approaches, and directions.