When it comes to privacy, it seems like most tech companies still have to put in more effort than just a casual nod. Case in point, the Google Play Store, where The Guardian reports that apps and games aimed at children might be violating US laws in place to protect kids.

Researchers at the International Computer Science Institute at the University of California tested 5885 Android apps, some actually part of Google’s Designed for Families programme, and found that more than half could be in violation of the US Children’s Online Privacy Protection Act (Coppa). Coppa deals with how data gathered from kids under the age of 13 must be handled.

“We observed that 19% of children’s apps collect identifiers or other personally identifiable information (PII) via Software Development Kits (SDK) whose terms of service outright prohibit their use in child-directed apps,” note the researchers.

They further mention that 28% of the apps accessed sensitive data supposedly protected by Android permissions; 4% shared location data or contact info without consent, and 39% either disregarded or were ignorant of contractual obligations to protect children’s privacy.

The researchers did note that some of these privacy violations might actually be unintentional thanks to “misunderstandings” of third party SDKs. Nonetheless, it goes to show that in the age of the internet, security and privacy are not givens, even if it says so on the box.