惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

H
Hackread – Cybersecurity News, Data Breaches, AI and More
C
Check Point Blog
Hacker News: Ask HN
Hacker News: Ask HN
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
WordPress大学
WordPress大学
P
Proofpoint News Feed
V
Visual Studio Blog
C
Cyber Attacks, Cyber Crime and Cyber Security
N
Netflix TechBlog - Medium
C
CXSECURITY Database RSS Feed - CXSecurity.com
博客园 - 聂微东
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
博客园 - 叶小钗
Cisco Talos Blog
Cisco Talos Blog
S
Schneier on Security
T
Threat Research - Cisco Blogs
腾讯CDC
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
The Hacker News
The Hacker News
Google DeepMind News
Google DeepMind News
Microsoft Security Blog
Microsoft Security Blog
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
GbyAI
GbyAI
N
News | PayPal Newsroom
L
LINUX DO - 最新话题
酷 壳 – CoolShell
酷 壳 – CoolShell
P
Palo Alto Networks Blog
T
Tenable Blog
S
Secure Thoughts
T
Threatpost
V2EX - 技术
V2EX - 技术
大猫的无限游戏
大猫的无限游戏
Martin Fowler
Martin Fowler
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
Vercel News
Vercel News
罗磊的独立博客
P
Privacy & Cybersecurity Law Blog
Engineering at Meta
Engineering at Meta
小众软件
小众软件
Google DeepMind News
Google DeepMind News
N
News and Events Feed by Topic
Y
Y Combinator Blog
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
C
Cybersecurity and Infrastructure Security Agency CISA
P
Proofpoint News Feed
L
Lohrmann on Cybersecurity
P
Privacy International News Feed
H
Heimdal Security Blog
量子位
B
Blog

Tech

The Industry Speaks, Part 1: AI Appreciation Day 2026 Open banking expands as non-bank lenders join Consumer Data Right Telstra CEO says she is ‘deeply sorry’ for nationwide outage Army uses AI-enabled recon drones in Exercise Southern Jackaroo Telstra finds secondary outage issue impacting 000 as government notes a Telstra finds secondary outage issue impacting 000 Telstra outage: Ministers, experts, and academics respond; ACMA to conduct full investigation 000 calls and Melbourne trains impacted by Telstra outage Kinetic IT launches AI engineering division to accelerate enterprise AI deployment US government lifts access controls on Anthropic’s Claude Fable 5 and Mythos 5 WA announces data science, artificial intelligence training program with industry, UK’s Faculty Civil liberties org rails against deployment of facial recognition tech by WA Police CrowdStrike expands QuiltWorks alliance with Amazon Web Services Vodafone urgently investigating outage impacting millions of Aussies Space Centre Australia debuts ASTRIS mission artificial intelligence at Australian Space Summit Is AI profitable yet? One website seeks to answer that question Report: Australians' faith in AI is almost non-existent Monash researchers unveil breakthrough photonic chip for next-generation AI and quantum computing Report: AI-based data incidents on the rise in Australia Anthropic launches dedicated Claude Security platform to public beta Ukrainian official advocates for artificial intelligence, autonomous drones for battlefield deployment CrowdStrike launches Project QuiltWorks to tackle skyrocketing AI-discovered vulnerabilities Outsiders are already accessing Anthropic’s new AI model, but is Claude Mythos really that powerful? Kinetic IT appoints Kishore Jayaram in new chief transformation officer role Anthropic launches Claude Opus 4.7 as researchers reveal fake Claude installer spreading malware US Federal Communications Commission announces ban on foreign-made consumer routers Australian arm of clothing retailer Lululemon fined $702k over spam breaches Not on our watch: Coles, Palantir respond to GetUp anti-surveillance campaign Kinetic IT earns fifth Deloitte Best Managed Companies award Inside Genetec: How a once-hardware-centric sector has become a software battleground Rubrik reveals Agent Cloud to secure agentic AI in the enterprise Sausage watch: What are the implications of this week’s Bunnings facial recognition ruling? Kinetic IT appoints Jeremy O’Donohue to lead state government and critical infrastructure portfolio Kinetic IT awarded ICT contract with Department of Defence Send nudes: SecDef Hegseth announces Grok rollout at the Pentagon UNSW lands $3m next-gen AI defence contract ServiceNow announces acquisition of Armis Axonius denies reports of Cisco acquisition
Report: Data collection by school-backed apps in Australia is out of control and a risk to kids
David Hollingworth · 2026-04-20 · via Tech

New research by the UNSW Institute for Cyber Security reveals that most applications backed by various departments of education around the country start harvesting children’s data almost immediately.

A raft of smartphone apps – all endorsed by schools around Australia – have been found to begin harvesting user data before the app has even been accessed and sharing children’s data within seconds of use.

An audit by the University of New South Wales’ Institute for Cyber Security found glaring issues with almost 200 school-backed apps, with 89.3 transmitting data to third parties before any interaction with the app in question.

You’re out of free articles for this month

To continue reading the rest of this article, please log in.

The harvested data, the audit found, includes device identifiers, location metadata and “other sensitive information”.

Dr Rahat Masood, a cyber security expert at UNSW, said even simply opening an app would lead to the transfer of user data.

“Telemetry data, which mainly refers to tracker-related identifiers and used for the automatic collection and transmission of data to remote servers,” Masood said of the data harvested.

“Despite just opening the app and not using any educational feature, it is still transferring a lot of information that is sensitive and can actually identify your device.”

In addition, more than 65 per cent of apps include some form of embedded tracking or analytics tool, such as Firebase, Facebook SDK or Unity Analytics – apps, UNSW said, that have zero educational purpose.

“None of these are needed to actually run the educational apps,” Masood said.

Just as worrying, the vast majority of privacy policies were considered easy to read, with 97 per cent requiring at least a university-level education to understand.

“Nobody will understand these terminologies and jargon,” Masood said.

“Comprehension, readability understandability – all these metrics that we analysed were all very bad.”

Perhaps more damning, many apps that claimed to not collect data were doing so within moments of use.

“We matched the privacy policy with the dynamic analysis – when the app is running, whether it is collecting the data and whether it is mentioned in the privacy policy or not,” Masood said.

“Only one in four were matching. Some of the policies appear to have been generated using AI tools.”

According to Masood, while the various departments of education maintain lists of approved and assessed apps, the level of actual assessment falls far short.

“They look at very high-level details and they don’t download the app – they don’t do the dynamic analysis, they don’t go through the accessibility and readability of the privacy policies,” Masood said.

Masood and the team behind the study – UNSW researchers Sicheng Jin, Jung-Sook Lee, and Hye-Young (Helen) Paik – are working on a “traffic light” system to give parents the information they need to understand how these apps work and what they collect.

Cyber DailyWant to see more stories from trusted news sources?
Make Cyber Daily a preferred news source on Google.

David Hollingworth

David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.