20% of Google Play apps breach child privacy rules

Kid sitting on a couch playing a tablet
(Image credit: Shutterstock)

Around one fifth of the top Android mobile apps for children on the Google Play store collect data that violates the Children’s Online Privacy Protection Act (COPPA). These apps have been downloaded by 492 million users.

COPPA, imposed by the Federal Trade Commission (FTC), enforces several requirements on operators of websites or online services aimed at children under 13. It also applies to operators of other websites and online services that know they are collecting personal information from children under 13.

According to Comparitech, which looked at kids’ apps’ privacy policies to see if they aligned with regulations, most of the apps collect data but fail to include a child-specific section, suggesting they collect and use children’s data the same ways they do adult data.

The research found that around 5% of apps investigated declared their services do not target or address children, despite these apps having “kids” and “toddler” in their name.

According to researchers, half of the apps in violation of COPPA are collecting data without having a comprehensive, child-specific privacy policy in place. According to researchers, while a privacy policy indicates certain personal information is collected, these apps should have a separate section on how the developers ensure children’s safety. If the app collected no data at all, this wouldn’t be necessary.

Around 9% of apps collect no data themselves but work with third parties that potentially did.

For example, one app suggests geographic location may be used through Google Analytics, and other third-party ad networks may collect various pieces of data, including geographic location and device ID, according to Comparitech.

“In this case, a child-specific section and parental consent are necessary, as is in-depth detail about each third party. It is also likely that many of the 50 percent of app developers that collect PI themselves also work with third parties that collect PI, too.”

RELATED RESOURCE

Business in the new economy landscape

How we coped with 2020 and looking ahead to a brighter 2021

FREE DOWNLOAD

More troubling was that 50% of apps that violated COPPA had a “teacher-approved” badge on the app store, meaning the app went through an additional layer of review with teachers and specialists evaluating the apps based on multiple criteria. This suggests the experts evaluating these apps failed to ensure they didn't violate children's privacy.

The research also found that 9% of apps put the onus on parents or children, asking children to refrain from submitting personal information to the app or for parents to monitor their child’s app usage.

“Apps should request parental consent from the onset if they’re to collect PI (they shouldn’t expect parents to look into this themselves, and they certainly shouldn’t expect children to read privacy policies before submitting data),” the researchers said.

Rene Millman

Rene Millman is a freelance writer and broadcaster who covers cybersecurity, AI, IoT, and the cloud. He also works as a contributing analyst at GigaOm and has previously worked as an analyst for Gartner covering the infrastructure market. He has made numerous television appearances to give his views and expertise on technology trends and companies that affect and shape our lives. You can follow Rene Millman on Twitter.