Children can completely bypass age verification measures on the likes of Snapchat, Instagram, TikTok, Facebook and WhatsApp simply by lying about their age, according to research.
The study, carried out by researchers at Lero, the Science Foundation Ireland Research Centre for Software also found there are real dangers to children who are “easily” bypassing the age verification process.
Lero’s lead researcher Dr Liliana Pasquale said: “This results in children being exposed to privacy and safety threats such as cyberbullying, online grooming, or exposure to content that may be inappropriate for their age.”
The study which examined Snapchat, Instagram, TikTok, HouseParty, Facebook, WhatsApp, Viber, Messenger, Skype, Discord apps scrutinised age verification procedures in April 2019 and repeated it in April 2020. It found all ten apps permitted users, regardless of age, to set up accounts if they first gave their age as 16.
Europe’s General Data Protection Regulation (GDPR) requires children below the age of digital consent (13-16) to have verifiable parental consent for the processing of their data.
In the US, the minimum age for accessing social media is 13. That has been in effect since 2000.
EU member states are also free to set a different digital age of consent, between 13 and 16 years, leading to a range of age limits across Europe. Ireland, France, Germany and the Netherlands have opted for 16, while Italy and Spain have set the age at 14. In the UK, Denmark, and Sweden it is 13.
“Our study found that some apps disabled registration if users input ages below 13, but if the age 16 is provided as input initially then none of the apps requires proof of age.
“Providing mechanisms that deter a user from installing an app on a device on which they have previously declared themselves to be underage is currently one of the most sensible solutions not to incentivise users to lie about their age,” Dr Pasquale, the assistant professor at University College Dublin’s School of Computer Science, said.
The team looked at existing age recognition techniques using biometrics such as speech recognition and fingerprint characteristics as possible solutions to implement more robust age verification mechanisms. However, these were also found to have limitations with speech recognition, for example, easily bypassed by playing voice recordings.
Dr Pasquale said their study found existing data protection regulations to be ineffective: “In reality, the application of substantial financial penalties was the main trigger for app providers to implement more effective age verification mechanisms. Based on our study and on our survey of biometrics-based age recognition techniques, we propose a number of recommendations to app providers and developers.”
These recommendations include robust age verification mechanisms, encouraging users not to lie about their age when setting up an account, enabling the most restrictive privacy settings, and clarifying the minimum age and treatment of data.