Anirudh Ekambaranathan,Jun Zhao,Max Van Kleek

DOI: https://doi.org/10.48550/arXiv.2111.14596

IF: 6.4588

2021-11-29

Human-Computer Interaction

Abstract:The industry for children's apps is thriving at the cost of children's privacy: these apps routinely disclose children's data to multiple data trackers and ad networks. As children spend increasing time online, such exposure accumulates to long-term privacy risks. In this paper, we used a mixed-methods approach to investigate why this is happening and how developers might change their practices. We base our analysis against 5 leading data protection frameworks that set out requirements and recommendations for data collection in children's apps. To understand developers' perspectives and constraints, we conducted 134 surveys and 20 semi-structured interviews with popular Android children's app developers. Our analysis revealed that developers largely respect children's best interests; however, they have to make compromises due to limited monetisation options, perceived harmlessness of certain third-party libraries, and lack of availability of design guidelines. We identified concrete approaches and directions for future research to help overcome these barriers.

Yumeng Zhu,Ge Wang,Yan Li,Jun Zhao

DOI: https://doi.org/10.1080/10447318.2024.2372146

IF: 4.92

2024-01-01

International Journal of Human-Computer Interaction

Abstract:Datafication, the process where users' actions online are pervasively recorded, tracked, aggregated, analysed, and exploited by online services in multiple ways, is becoming increasingly common today. However, we know little about how children, especially non-Western children, perceive such practices. Through one-to-one semi-structured interviews with 36 children aged 11-14 from Chinese middle schools, we examined how Chinese children perceive datafication practices. We identified three knowledge gaps in children's current perceptions of datafication practices online, including their lack of recognition of (i) their data ownership, (ii) data being transmitted across platforms, and (iii) datafication could go beyond video recommendation and include inferences and profiling of their personal aspects. Through contextualising these observations within the Chinese context and its unique online ecosystem, we identified cultural traits in Chinese children's perceptions of datafication. We drew on education theories to discuss how to support the future digital literacy development and design online platforms for Chinese children.

Anirudh Ekambaranathan,Jun Zhao,Max Van Kleek

DOI: https://doi.org/10.1145/3411764.3445599

2021-05-06

Abstract:The industry for children’s apps is thriving at the cost of children’s privacy: these apps routinely disclose children’s data to multiple data trackers and ad networks. As children spend increasing time online, such exposure accumulates to long-term privacy risks. In this paper, we used a mixed-methods approach to investigate why this is happening and how developers might change their practices. We base our analysis against 5 leading data protection frameworks that set out requirements and recommendations for data collection in children’s apps. To understand developers’ perspectives and constraints, we conducted 134 surveys and 20 semi-structured interviews with popular Android children’s app developers. Our analysis revealed that developers largely respect children’s best interests; however, they have to make compromises due to limited monetisation options, perceived harmlessness of certain third-party libraries, and lack of availability of design guidelines. We identified concrete approaches and directions for future research to help overcome these barriers.

Jun Zhao,Ulrik Lyngs,Nigel Shadbolt

DOI: https://doi.org/10.48550/arXiv.1809.10841

2018-09-28

Computers and Society

Abstract:Tablet computers are widely used by young children. A report in 2016 shows that children aged 5 to 15 years are spending more time online than watching TV. A 2017 update of the same report shows that parents are becoming more concerned about their children's online risks compared to the previous year. Parents are working hard to protect their children's online safety. An increasing number of parents are setting up content filtering at home or having regular discussions with their children regarding online risks. However, although risks related to Social Media platforms or social video sharing sites (like YouTube) are widely known, risks posed by mobile applications or games (i.e. `apps') are less known. Behind the cute characters, apps used by children can not only have the possibility of exposing them to age-inappropriate content or excessive in-app promotions, but may also make a large amount of their personal information accessible to third-party online marketing and advertising industry. Such practices are not unique to children's apps, but young children are probably less capable of resisting the resulting personalised advertisements and game promotions. In this report, we present findings from our online survey of 220 parents with children aged 6-10, mainly from the U.K. and other western countries, regarding their privacy concerns and expectations of their children's use of mobile apps. Parents play a key role in children's use of digital technology, especially for children under 10 years old. Recent reports have highlighted parents' lack of sufficient support for choosing appropriate digital content for their children. Our report sheds some initial light on parents' key struggles and points to immediate steps and possible areas of future development.

Anirudh Ekambaranathan,Jun Zhao,Max Van Kleek

2023-06-02

Abstract:Mobile apps used by children often make use of harmful techniques, such as data tracking and targeted advertising. Previous research has suggested that developers face several systemic challenges in designing apps that prioritise children's best interests. To understand how developers can be better supported, we used a Research through Design (RtD) method to explore what the future of privacy-friendly app development could look like. We performed an elicitation study with 20 children's app developers to understand their needs and requirements. We found a number of specific technical requirements from the participants about how they would like to be supported, such as having actionable transnational design guidelines and easy-to-use development libraries. However, participants were reluctant to adopt these design ideas in their development practices due to perceived financial risks associated with increased privacy in apps. To overcome this critical gap, participants formulated socio-technical requirements that extend to other stakeholders in the mobile industry, including parents and marketplaces. Our findings provide important immediate and long-term design opportunities for the HCI community, and indicate that support for changing app developers' practices must be designed in the context of their relationship with other stakeholders.

Human-Computer Interaction

Minxing Liu,Haoyu Wang,Yao Guo,Jason Hong

DOI: https://doi.org/10.1145/2873587.2873597

2016-01-01

Abstract:One aspect of privacy that has not been well explored is privacy for children. We present the design and evaluation of a machine learning model for predicting whether a mobile app is designed for children, which is an important step in helping to enforce the Children's Online Privacy Protection Act (COPPA). We evaluated our model on 1,728 apps from Google Play and achieved 95% accuracy. We also applied our model on a set of nearly 1 million free apps from Google Play, and identified almost 68,000 apps for kids. We then conducted a privacy analysis of the usage of third-party libraries for each app, which can help us understand some of the app's privacy-related behaviors. We believe this list can serve as a good start point for further fine-grained privacy analysis on mobile apps for children.

Kathryn C. Montgomery,Jeff Chester,Tijana Milosevic,Kathryn C Montgomery

DOI: https://doi.org/10.1542/peds.2016-1758O

2019-10-03

PEDIATRICS

Abstract:This article focuses on the privacy implications of advertising on social media, mobile apps, and games directed at children. Academic research on children's privacy has primarily focused on the safety risks involved in sharing personal information on the Internet, leaving market forces (such as commercial data collection) as a less discussed aspect of children's privacy. Yet, children's privacy in the digital era cannot be fully understood without examining marketing practices, especially in the context of "big data." As children increasingly consume content on an ever-expanding variety of digital devices, media and advertising industries are creating new ways to track their behaviors and target them with personalized content and marketing messages based on individual profiles. The advent of the so-called Internet of Things, with its ubiquitous sensors, is expanding these data collection and profiling practices. These trends raise serious concerns about digital dossiers that could follow young people into adulthood, affecting their access to education, employment, health care, and financial services. Although US privacy law provides some safeguards for children younger than 13 years old online, adolescents are afforded no such protections. Moreover, scholarship on children and privacy continues to lag behind the changes taking place in global media, advertising, and technology. This article proposes collaboration among researchers from a range of fields that will enable cross-disciplinary studies addressing not only the developmental issues related to different age groups but also the design of digital media platforms and the strategies used to influence young people.

pediatrics

Ge Wang,Jun Zhao,Max Van Kleek,Nigel Shadbolt

DOI: https://doi.org/10.1145/3476084

2021-10-13

Abstract:Parental control apps, which are mobile apps that allow parents to monitor and restrict their children's activities online, are becoming increasingly adopted by parents as a means of safeguarding their children's online safety. However, it is not clear whether these apps are always beneficial or effective in what they aim to do; for instance, the overuse of restriction and surveillance has been found to undermine parent-child relationship and children's sense of autonomy. While previous research has categorised and taken inventory of key features of popular parental control apps, they have not systematically analysed the ways such features were designed or realised in such apps, or in particular how aspects of such designs might relate to parents and children's experiences with such apps. In this work, we investigate this gap, asking specifically: how might children's and parents' perceptions be related to how parental control features were designed? To investigate this question, we conducted an analysis of 58 top Android parental control apps designed for the purpose of promoting children's online safety, finding three major axes of variation in how key restriction and monitoring features were realised: granularity, feedback/transparency, and parent-child communications support. To relate these axes to perceived benefits and problems, we then analysed 3264 app reviews to identify references to aspects of the each of the axes above, to understand children's and parents' views of how such dimensions related to their experiences with these apps. Our findings led towards 1) an understanding of how parental control apps realise their functionalities differently along three axes of variation, 2) an analysis of exactly the ways that such variation influences children's and parents' perceptions, respectively of the usefulness or effectiveness of these apps, and finally 3) an identification of design recommendations and opportunities for future apps by contextualising our findings within existing digital parenting theories.

English Else

Jun Zhao,Ge Wang,Carys Dally,Petr Slovak,Julian Childs,Max Van Klee,Nigel Shadbolt

DOI: https://doi.org/10.48550/arXiv.1901.10245

IF: 6.4588

2019-01-29

Human-Computer Interaction

Abstract:Children under 11 are often regarded as too young to comprehend the implications of online privacy. Perhaps as a result, little research has focused on younger kids' risk recognition and coping. Such knowledge is, however, critical for designing efficient safeguarding mechanisms for this age group. Through 12 focus group studies with 29 children aged 6-10 from UK schools, we examined how children described privacy risks related to their use of tablet computers and what information was used by them to identify threats. We found that children could identify and articulate certain privacy risks well, such as information oversharing or revealing real identities online; however, they had less awareness with respect to other risks, such as online tracking or game promotions. Our findings offer promising directions for supporting children's awareness of cyber risks and the ability to protect themselves online.

Didem Özkul

DOI: https://doi.org/10.1093/jcmc/zmac015

2022-09-07

Abstract:Children start using smartphones increasingly from early ages. This makes it more difficult for them to develop an understanding of online privacy and managing their personal data. Many parents monitor and regulate children's online media use. However, they also encourage using smartphones to ensure the safety and security of their children. This study explores how children use smartphones in relation to their understanding of privacy of communication, content, data, and location. It examines data from 7 focus groups with arts-based methods conducted with 37 children in UK. The findings suggest that children think of their smartphones as a private communication technology and a private place, and they manage their locational privacy based on the necessity of using a mobile app and through adjusting the location settings on their phones. The findings also suggest that privacy of mobile data and user content are dependent on where mobile communication takes place.

communication,information science & library science

Konrad Kollnig,Anastasia Shuba,Reuben Binns,Max Van Kleek,Nigel Shadbolt

DOI: https://doi.org/10.2478/popets-2022-0033

2021-12-20

Abstract:While many studies have looked at privacy properties of the Android and Google Play app ecosystem, comparatively much less is known about iOS and the Apple App Store, the most widely used ecosystem in the US. At the same time, there is increasing competition around privacy between these smartphone operating system providers. In this paper, we present a study of 24k Android and iOS apps from 2020 along several dimensions relating to user privacy. We find that third-party tracking and the sharing of unique user identifiers was widespread in apps from both ecosystems, even in apps aimed at children. In the children's category, iOS apps tended to use fewer advertising-related tracking than their Android counterparts, but could more often access children's location. Across all studied apps, our study highlights widespread potential violations of US, EU and UK privacy law, including 1) the use of third-party tracking without user consent, 2) the lack of parental consent before sharing personally identifiable information (PII) with third-parties in children's apps, 3) the non-data-minimising configuration of tracking libraries, 4) the sending of personal data to countries without an adequate level of data protection, and 5) the continued absence of transparency around tracking, partly due to design decisions by Apple and Google. Overall, we find that neither platform is clearly better than the other for privacy across the dimensions we studied.

Cryptography and Security,Computers and Society

Konrad Kollnig,Anastasia Shuba,Reuben Binns,Max Van Kleek,Nigel Shadbolt

DOI: https://doi.org/10.2478/popets-2022-0033

2022-03-03

Proceedings on Privacy Enhancing Technologies

Abstract:Abstract While many studies have looked at privacy properties of the Android and Google Play app ecosystem, comparatively much less is known about iOS and the Apple App Store, the most widely used ecosystem in the US. At the same time, there is increasing competition around privacy between these smartphone operating system providers. In this paper, we present a study of 24k Android and iOS apps from 2020 along several dimensions relating to user privacy. We find that third-party tracking and the sharing of unique user identifiers was widespread in apps from both ecosystems, even in apps aimed at children. In the children’s category, iOS apps tended to use fewer advertising-related tracking than their Android counterparts, but could more often access children’s location. Across all studied apps, our study highlights widespread potential violations of US, EU and UK privacy law, including 1) the use of third-party tracking without user consent, 2) the lack of parental consent before sharing personally identifiable information (PII) with third-parties in children’s apps, 3) the non-data-minimising configuration of tracking libraries, 4) the sending of personal data to countries without an adequate level of data protection, and 5) the continued absence of transparency around tracking, partly due to design decisions by Apple and Google. Overall, we find that neither platform is clearly better than the other for privacy across the dimensions we studied.

Mariya Stoilova,Sonia Livingstone,Rishita Nandagiri

DOI: https://doi.org/10.17645/mac.v8i4.3407

IF: 3.043

2020-11-10

Media and Communication

Abstract:How do children understand the privacy implications of the contemporary digital environment? This question is pressing as technologies transform children’s lives into data which is recorded, tracked, aggregated, analysed and monetized. This article takes a child-centred, qualitative approach to charting the nature and limits of children’s understanding of privacy in digital contexts. We conducted focus group interviews with 169 UK children aged 11–16 to explore their understanding of privacy in three distinct digital contexts—interpersonal, institutional and commercial. We find, first, that children primarily conceptualize privacy in relation to interpersonal contexts, conceiving of personal information as something they have agency and control over as regards deciding when and with whom to share it, even if they do not always exercise such control. This leads them to some misapprehensions about how personal data is collected, inferred and used by organizations, be these public institutions such as their schools or commercial businesses. Children’s expectation of agency in interpersonal contexts, and their tendency to trust familiar institutions such as their schools, make for a doubly problematic orientation towards data and privacy online in commercial contexts, leading to a mix of frustration, misapprehension and risk. We argue that, since the complexity of the digital environment challenges teachers’ capacity to address children’s knowledge gaps, businesses, educators, parents and the state must exercise a shared responsibility to create a legible, transparent and privacy-respecting digital environment in which children can exercise genuine choice and agency.

communication

Ge Wang,Jun Zhao,Nigel Shadbolt

DOI: https://doi.org/10.48550/arXiv.1902.02635

IF: 6.4588

2019-02-06

Human-Computer Interaction

Abstract:The age of children adopting digital technologies, such as tablets or smartphones, is increasingly young. However, children under 11 are often regarded as too young to comprehend the concept of online privacy. Limited research studies have focused on children of this age group. In the summer of 2018, we conducted 12 focus group studies with 29 children aged 6-10 from Oxfordshire primary schools. Our research has shown that children have a good understanding of certain privacy risks, such as information oversharing or avoiding revealing real identities online. They could use a range of descriptions to articulate the risks and describe their risk coping strategies. However, at the same time, we identified that children had less awareness concerning other risks, such as online tracking or game promotions. Inspired by Vygotsky's Zone of Proximal Development (ZPD), this study has identified critical knowledge gaps in children's understanding of online privacy, and several directions for future education and technology development. We call for attention to the needs of raising children's awareness and understanding of risks related to online recommendations and data tracking, which are becoming ever more prevalent in the games and content children encounter. We also call for attention to children's use of language to describe risks, which may be appropriate but not necessarily indicate a full understanding of the threats.

Yanjie Zhao,Tianming Liu,Haoyu Wang,Yepang Liu,John Grundy,Li

DOI: https://doi.org/10.1145/3543507.3583534

2023-01-01

Abstract:As smartphones and mobile apps permeate every aspect of people’s lives, children are accessing mobile devices at an increasingly younger age. The inescapable exposure of advertisements in mobile apps to children has grown alarmingly. Mobile advertisements are placed by advertisers and subsequently distributed by ad SDKs, under the rare control of app developers and app markets’ content ratings. Indeed, content that is objectionable and harmful to children’s mental health has been reported to appear in advertising, such as pornography. However, few studies have yet concentrated on automatically and comprehensively identifying such kid-unsuitable mobile advertising. In this paper, we first characterize the regulations for mobile ads relating to children. We then propose our novel automated dynamic analysis framework, named AdRambler, that attempts to collect ad content throughout the lifespan of mobile ads and identify their inappropriateness for child app users. Using AdRambler, we conduct a large-scale (25,000 mobile apps) empirical investigation and reveal the non-incidental presence of inappropriate ads in apps with child-included target audiences. We collected 11,270 ad views and identified 1,289 ad violations (from 775 apps) of child user regulations, with roughly half of the app promotions not in compliance with host apps’ content ratings. Our finding indicates that even certified ad SDKs could still propagate inappropriate advertisements. We further delve into the question of accountability for the presence of inappropriate advertising and provide concrete suggestions for all stakeholders to take action for the benefit of children.

Ying Chen

2014-01-01

Abstract:Recent advances in social media and smart mobile technologies make ubiquitous information and communication environments more of a technical reality than a distant vision. The sweeping popularity of these information and communication environments also affects children and adolescents (later referred as “children”). There is a dearth of systematic scholarly work examining those threats for children’s protection. In addressing this void, the goal of our research is to explore and understand the risks and threats of such information and communication environments on children. In particular, our primary research interests lie in the three main threats to children’s online safety (Palfrey et al., 2008): online harassment and cyberbullying, exposure to problematic contents, sexual solicitation and Internet-initiated offline encounters. Online harassment and cyberbullying mostly occur in social media, and always involve offensive language. Since the textual contents on online social media are highly unstructured, informal, and often misspelled, existing research on message-level offensive language detection cannot accurately detect offensive content. Meanwhile, user-level offensiveness detection is an under researched area. We propose the Lexical Syntactic Feature (LSF) architecture to detect offensive contents and identify cyber bullies. Results from experiments showed that the LSF framework achieves accuracy of 96.6%, 77.8% in sentence and user offensiveness detection respectively. Besides, the processing speed of LSF is 10 ms per sentence, suggesting its potential for effective deployment in social media. Problematic contents and solicitation mostly appear on mobile platforms. Since people are heavily relying on the search results and rankings on app stores to explore new apps, on the market side, we must help parents easily choose appropriate apps for their kids with minimal online threats. Since we concern about problematic contents and cyber solicitation, and posting personal information and interacting with online strangers are the two major types of behaviors expose children to cyber solicitation (Ybarra et al., 2007), we monitor two types of risks on mobile devices: content risks and privacy risks. For content risks, we develop automatic mechanisms to detect problematic contents and verify the content ratings of mobile apps and in-app ads. The results show that 27.8% of Android apps have unreliable content ratings. In addition, a large percent of the in-app advertisements carry inappropriate contents for children, and 35.9% of Android in-app ads and 38.9% of iOS in-app ads are found exceeding the host apps’ content ratings. For privacy risks, we adopt the contextual integrity theory (Nissenbaum, 2009) to develop quantitative measures of privacy risks on mobile apps. We also propose an automatic system with user interface to assist parents being aware of apps’ privacy risks, therefore, to make informed decisions when choosing apps for their children. We believe that the findings have important implications for the…

Xiaodan Jin,Eunhye Kim,Kyung-chul Kim,Sitian Chen

DOI: https://doi.org/10.1007/s13132-023-01585-2

IF: 1.815

2023-11-09

Journal of the Knowledge Economy

Abstract:The advent of mobile app development, driven by the ubiquity of smartphones and tablets, has revolutionized early childhood education. This transformation is exemplified by the proliferation of early childhood education apps. Academic interest in education apps, particularly early childhood, underscores their importance in shaping learning experiences. This study delves into Chinese families' utilization patterns, examining awareness, attitudes, and guidance on app usage and children's engagement frequency. Results indicate early exposure and high-frequency use, underlining the apps' prevalence. The study also identifies the strengths and challenges of these apps. While they offer flexibility, interactive learning, and extensive content, there are concerns regarding potential addiction and lack of critical thinking. Collaboration among stakeholders, including schools, parents, and developers, ensures responsible usage. The research provides actionable recommendations. Parents should adopt a balanced view of early childhood education apps, recognizing their potential benefits while mitigating risks. Fostering a positive parent–child relationship is crucial, emphasizing communication and mutual understanding. Parents should enhance their ability to select and operate apps effectively. Creating an appropriate environment and providing scientific parenting instructions are also essential. Kindergartens are pivotal in cultivating children's good operating habits and formulating relevant regulations to ensure app quality. Theoretical implications highlight the need for a holistic approach, considering the interplay between children, parents, and technology. Policymakers, developers, and educators must acknowledge parents' pivotal role in digital education. Policies should promote responsible screen time and high-quality content. This study offers valuable insights into the evolving landscape of early childhood education, shaping the future of digital learning experiences for young children.

economics

Yi Chen,Mingming Zha,Nan Zhang,Dandan Xu,Qianqian Zhao,Xuan Feng,Kan Yuan,Fnu Suya,Yuan Tian,Kai Chen,XiaoFeng Wang,Wei Zou

DOI: https://doi.org/10.1109/sp.2019.00054

2019-01-01

Abstract:Mobile apps include privacy settings that allow their users to configure how their data should be shared. These settings, however, are often hard to locate and hard to understand by the users, even in popular apps, such as Facebook. More seriously, they are often set to share user data by default, exposing her privacy without proper consent. In this paper, we report the first systematic study on the problem, which is made possible through an in-depth analysis of user perception of the privacy settings. More specifically, we first conduct two user studies (involving nearly one thousand users) to understand privacy settings from the user's perspective, and identify these hard-to-find settings. Then we select 14 features that uniquely characterize such hidden privacy settings and utilize a novel technique called semantics- based UI tracing to extract them from a given app. On top of these features, a classifier is trained to automatically discover the hidden privacy settings, which together with other innovations, has been implemented into a tool called Hound. Over our labeled data set, the tool achieves an accuracy of 93.54%. Further running it on 100,000 latest apps from both Google Play and third-party markets, we find that over a third (36.29%) of the privacy settings identified from these apps are “hidden”. Looking into these settings, we observe that they become hard to discover and hard to understand primarily due to the problematic categorization on the apps' user interfaces and/or confusing descriptions. Further importantly, though more privacy options have been offered to the user over time, also discovered is the persistence of their usability issue, which becomes even more serious, e.g., originally easy-to-find settings now harder to locate. And among all such hidden privacy settings, 82.16% are set to leak user privacy by default. We provide suggestions for improving the usability of these privacy settings at the end of our study.

Shuai Li,Zhemin Yang,Nan Hua,Peng Liu,Xiaohan Zhang,Guangliang Yang,Min Yang

DOI: https://doi.org/10.1145/3548606.3559371

2022-01-01

Abstract:ABSTRACTRecent years have witnessed the interesting trend that modern mobile apps perform more and more likely as user-to-user platforms, where app users can be freely and conveniently connected. Upon these platforms, rich and diverse data is often delivered across users, which brings users great conveniences and plentiful services, but also introduces privacy security concerns. While prior work has primarily studied illegitimate personal data collection problems in mobile apps, few paid little attention to the security of this emerging user-to-user platform feature, thus providing a rather limited understanding of the privacy risks in this aspect. In this paper, we focus on the security of the user-to-user platform feature and shed light on its caused insufficiently-studied but critical privacy risk, which is brought forward by cross-user personal data over-delivery (denoted as XPO). For the first time, this paper reveals the landscape of such XPO risk in wild, along with prevalence and severity assessment. To achieve this, we design a novel automated risk detection framework, named XPOChecker, that leverages the advantages of machine learning and program analysis to extensively and precisely identify potential privacy risks during user-to-user connections, and regulate whether the delivered data is legitimate or not. By applying XPOChecker on 13,820 real-world popular Android apps, we find that XPO is prevalent in practice, with 1,902 apps (13.76%) being affected. In addition to the mere exposure of diverse private user data which causes serious and broad privacy infringement, we demonstrate that the XPO exploits can invalidate privacy preservation mechanisms, leak business secrets, and even restore the sensitive membership of victims which potentially poses personal safety threats. Furthermore, we also confirm the existence of XPO risks in iOS apps for the first time. Last, to help understand and prevent XPO, we have responsibly launched two notification campaigns to inform the developers of the affected apps, with the conclusion of five underlying lessons from developers' feedback. We hope our work can make up for the deficiency of the understandings of XPO, help developers avoid XPO, and motivate further researches.

Ricardo Lopes,Vinh Thong Ta,Yannis Korkontzelos

DOI: https://doi.org/10.48550/arXiv.2305.08492

2023-05-15

Computers and Society

Abstract:With the rapid development of online technologies and the widespread usage of mobile phones among children, it is crucial to protect their online safety. Some studies reported that online abuse and incidents negatively affect children's mental health and development. In this paper, we examine how Android applications (developers) follow the regulations related to children's data protection (e.g., in the General Data Protection Regulation (GDPR)) and children's online safeguarding guidelines. Our findings show that the number of non-compliant apps is still significant. Even the apps designed for children do not always comply with legislation or guidance. This lack of compliance could contribute to creating a path to causing physical or mental harm to children. We then discuss the relevance of automating the compliance verification and online safety risk assessment, including open questions, challenges, and possible approaches and directions.