Thousands of apps may be tracking the online activity of children in ways that violate US privacy laws, according to a recent survey of Android apps available on the Google Play store.

Using an “automatic evaluation of the privacy behaviors of Android apps,” a team of university researchers and computer scientists concluded that of 5,855 apps in the Play Store’s Designed for Families program, 28 percent “accessed sensitive data protected by Android permissions” and 73 percent of the applications “transmitted sensitive data over the internet.” Though the survey noted that simply collecting that information did not necessarily violate the Children’s Online Privacy Protection Act (COPPA), a federal law limiting data collection on children under 13, “none of these apps attained verifiable parental consent” as required under the law since their automated tool was able to activate them.

Among the most concerning findings was that approximately 256 apps collected geolocation data, 107 shared the device owner’s email address, and 10 shared phone numbers.

1,100 shared persistent identifiers, which can be used for behavioral advertising techniques that are banned for use on children by COPPA. 2,281 transmitted Android Advertising IDs…in a method that could “completely negate” AAID privacy protections. That means those apps appear to be in violation of Google policy.

Do no harm, eh?