Most of the popular education apps ask for permissions like write and read external storage, access camera, record audio and getting accounts. The app that asks for the most sensitive permissions is the Remind app which provides communication services for schools. This app asks for a total of 12 sensitive permissions.
Another dangerous app for user privacy is Coursera which asks for 11 sensitive permissions. Questions.AI (an AI homework app) and Moodle (course and class management systems) asks for 10 sensitive permissions. ClassDojo, Gauth_AI, Simplilearn, Canvas Student, Duolingo, Udemy and Blackboard Learn all ask for more than five sensitive permissions.
Most educational apps ask for access to a camera. It is important because of the times the user needs to make in-app pictures and submit them. But this could lead to malicious actors accessing the user’s camera without his permission. A total of 17 apps that were analyzed ask for access to the camera.
Coursera and Duolingo apps also ask for access to your accounts. This isn’t necessary for educational apps and this means that if you give those apps that permission, they can access all of your accounts that are registered on your device. Account information has a lot of sensitive data that can identify a user’s online identity. Duolingo also asks for permission to access contacts of the users. Contact information is also sensitive because it can contain private data about all of your contact and this can be used for unwanted data scraping.
A lot of apps also read files and storage of users. They can access your files, photos, videos and documents that can contain your private information. 21 apps that were analyzed can write to your storage while 20 can read your files. PictureThis, a plan identifying app, can also access the location of where the picture was taken. Khan Academy, Questions.AI and Remind App can also request for your phone number and IMEI and if given permission, these apps can identify the device and its user. There were also ten apps that needed your microphone permission. It may be needed for the learning process like for learning language in Duolingo, but if it’s exploited, it can access your sensitive and private information.
Remind app can also call and connect to Bluetooth on the user’s behalf. It can also lead to privacy breaches and fraudulent scam communication. Moodle and Questions.AI can access your exact location while ClassDojo, Moodle, Questions.AI and Sololearn can access your approximate location.
To keep your data and private information safe, it is best that you review your permission requests before giving access to these apps. Only give permission only when it is necessary and give it only while using the app. If you do not handle this well, it can lead to privacy invasion and data leaks which can become a threat to you.
Read next: Study Highlights Role of Social Media and Governments in Worsening Online Information Landscape