The Hidden Privacy Risks in Popular Educational Apps Like Coursera, Duolingo, and More (0penbuckets)

In today’s digital age, educational apps like Coursera, Duolingo, Moodle, and Udemy are revolutionizing the way we learn. With millions of users worldwide, these platforms make education more accessible and engaging. However, while these apps enhance learning, they also come with significant privacy risks. These platforms often request permissions that grant access to sensitive personal data, raising concerns about how this information is used and stored.

Educational Apps on the Rise

The educational app industry is booming, with millions of users embracing technology to enhance their learning experience. According to recent data, approximately 709 million people used educational apps in 2023, generating over $5.93 billion in revenue. It’s no surprise that education apps rank among the top categories in both the Google Play Store and the Apple App Store.

But as the popularity of these apps grows, so do the concerns about privacy. While learning with these platforms is convenient, users may unknowingly expose themselves to potential privacy breaches due to the broad range of permissions required by the apps.

Why App Permissions Matter

When you download an app, it often asks for permissions to access different parts of your phone, such as your camera, storage, or contacts. Ideally, an app should only request permissions essential for its core functionality. However, many apps go beyond what is necessary, potentially compromising user privacy.

App permissions are designed to give users more control over their data, but they also open doors for misuse. Educational apps, in particular, are no exception. They often require permissions that allow them to access your device’s location, read files, or even retrieve your contact list. Such access may not seem harmful at first glance, but it could lead to privacy breaches if not handled correctly.

Apps Asking for Excessive Permissions

Some popular educational apps request a surprising number of sensitive permissions. For instance, the Remind app, a communication tool for schools, tops the list with 12 sensitive permissions. Other apps, such as Coursera (11 permissions), Moodle (10 permissions), and ClassDojo (9 permissions), are not far behind.

While these apps might require access to certain features for a seamless user experience, such as video calls or media uploads, the amount of data they can potentially collect is concerning.

Camera Access: A Double-Edged Sword

A significant number of educational apps require access to your device’s camera. Seventeen out of the 25 apps tested for privacy risks, including Coursera and Duolingo, request camera permissions. While camera access may be necessary for interactive features like uploading assignments or participating in live classes, it could also be exploited. If compromised, this permission could allow malicious actors to access your camera and microphone without your knowledge, raising serious privacy concerns.

Apps with Access to Your Accounts

Another concerning trend is that several apps, such as Coursera, Duolingo, and Remind, request access to the accounts stored on your device. This includes accounts like Google, Meta, or Samsung, which hold sensitive personal information such as email addresses and usernames.

While these permissions may not be essential for the app’s functionality, they can pose a significant risk if misused. By gaining access to this information, apps could inadvertently expose users to threats such as identity theft or data scraping.

Duolingo Wants Your Contacts

Duolingo, a widely-used language learning app, goes a step further by requesting access to your contact list. This permission allows the app to read and write to your device’s contact list, potentially exposing sensitive information about your friends, family, or colleagues. If exploited, this data could be used for fraudulent schemes or unauthorized marketing.

Storage and File Access

Many educational apps also request access to the files and storage on your device. In total, 21 of the apps examined can write to your storage, while 20 can read files stored on your device. Some even go as far as accessing media libraries or geolocation metadata embedded in photos, as seen with the app PictureThis. While file access is often needed for downloading course materials or saving progress, this level of access can lead to privacy violations if not properly secured.

Location and Microphone Permissions

Certain apps like Moodle and Question.AI also request access to your location data. Location permissions allow these apps to track your precise whereabouts, which can pose significant risks if mishandled.

Moreover, apps like Duolingo and Blackboard Learn require access to your device’s microphone. While this feature might be necessary for voice-based learning tasks, it could be used for unauthorized surveillance if exploited.

How to Protect Your Data

Given the privacy risks associated with educational apps, it’s essential to take control of the permissions you grant. Always review the permissions an app requests and ensure they are necessary for its core functions. On Android devices, you can manage permissions through the “Application Manager” or “Apps” section in your settings.

If an app requests too many permissions or seems overly invasive, it might be best to avoid it. Privacy and data security should always come first when navigating the digital learning landscape.