Around one fifth of the top Android mobile apps for children on the Google Play store collect data that violates the Children’s Online Privacy Protection Act (COPPA). These apps have been downloaded by 492 million users.
COPPA, imposed by the Federal Trade Commission (FTC), enforces several requirements on operators of websites or online services aimed at children under 13. It also applies to operators of other websites and online services that know they are collecting personal information from children under 13.
According to Comparitech, which looked at kids’ apps’ privacy policies to see if they aligned with regulations, most of the apps collect data but fail to include a child-specific section, suggesting they collect and use children’s data the same ways they do adult data.
The research found that around 5% of apps investigated declared their services do not target or address children, despite these apps having “kids” and “toddler” in their name.
Around 9% of apps collect no data themselves but work with third parties that potentially did.
For example, one app suggests geographic location may be used through Google Analytics, and other third-party ad networks may collect various pieces of data, including geographic location and device ID, according to Comparitech.
“In this case, a child-specific section and parental consent are necessary, as is in-depth detail about each third party. It is also likely that many of the 50 percent of app developers that collect PI themselves also work with third parties that collect PI, too.”
Business in the new economy landscape
How we coped with 2020 and looking ahead to a brighter 2021
More troubling was that 50% of apps that violated COPPA had a “teacher-approved” badge on the app store, meaning the app went through an additional layer of review with teachers and specialists evaluating the apps based on multiple criteria. This suggests the experts evaluating these apps failed to ensure they didn't violate children's privacy.
The research also found that 9% of apps put the onus on parents or children, asking children to refrain from submitting personal information to the app or for parents to monitor their child’s app usage.
“Apps should request parental consent from the onset if they’re to collect PI (they shouldn’t expect parents to look into this themselves, and they certainly shouldn’t expect children to read privacy policies before submitting data),” the researchers said.
Get the ITPro. daily newsletter
Receive our latest news, industry updates, featured resources and more. Sign up today to receive our FREE report on AI cyber crime & security - newly updated for 2023.
Rene Millman is a freelance writer and broadcaster who covers cybersecurity, AI, IoT, and the cloud. He also works as a contributing analyst at GigaOm and has previously worked as an analyst for Gartner covering the infrastructure market. He has made numerous television appearances to give his views and expertise on technology trends and companies that affect and shape our lives. You can follow Rene Millman on Twitter.