COPPTCHA: COPPA Tracking by Checking Hardware-Level Activity

Kanad Basu, Suha Sabi Hussain, Ujjwal Gupta, Ramesh Karri

Research output: Contribution to journalArticlepeer-review


User privacy is an extremely important concern for mobile applications. Recently, the Federal Trade Commission (FTC) has penalized multiple mobile application developers, such as TikTok and BabyBus for violating privacy regulations. Privacy concerns are more critical for children, who do not comprehend the risks associated with transmitting private information like geospatial location. The Children's Online Privacy Protection Act (COPPA) is an online privacy regulation platform to monitor data usage by mobile applications designed for children. Existing research on detecting whether an application complies with certain privacy regulations is performed either by analyzing the application binary or by dynamic monitoring of network at runtime. However, as explained in related work, both methods have their respective demerits. We propose COPPTCHA, a Hardware performance counter (HPC)-based technique to detect whether a children's app abides by the COPPA regulations. HPCs are special purpose registers found in all processors that measure system level events. Since the proposed method is hardware-based, it is difficult to undermine it compared to software-based COPPA compliance detection. COPPTCHA has no hardware overhead, since HPC data collection is integral to all industry standard processors. The HPC readings of applications running on a smartphone are classified using machine learning based classifiers to detect COPPA compliance. Our experiments employing a Moto-G4 smartphone shows that COPPTCHA can detect COPPA-violating apps with ≥ 99% accuracy.

Original languageEnglish (US)
Article number9049424
Pages (from-to)3213-3226
Number of pages14
JournalIEEE Transactions on Information Forensics and Security
StatePublished - 2020


  • Demography
  • Privacy
  • Social factors
  • Technology Social factors

ASJC Scopus subject areas

  • Safety, Risk, Reliability and Quality
  • Computer Networks and Communications


Dive into the research topics of 'COPPTCHA: COPPA Tracking by Checking Hardware-Level Activity'. Together they form a unique fingerprint.

Cite this