In a study by Comparitech, researchers found that one in five children’s apps available for download via the Google Play US store violate rules laid out in the Children’s Online Protection Act (COPPA).
The Act, imposed by the Federal Trade Commission in 1998, enforces requirements on website operators and online services aimed at under 13s. It also applies to operators of websites and services that know they are collecting personal information from under 13s.
Researchers reviewed 500 of the most popular children’s apps available on the Google Play store in the US, analysing whether or not each one adhered to COPPA’s key regulations. Comparitech also investigated what information was collected by each app, and whether it included a clear, comprehensive section dedicated to explaining the collection of children’s data.
Twenty-percent of the apps they studied breached COPPA’s rules in some way – the majority of which collected data but failed to include a child-specific explanation of how it’s used, suggesting that kids’ information is treated the same as adults’. Additionally, more than 5% of the apps in question declared that their offerings aren’t targeted towards or do not address an audience of minors – even those with ‘kids’ or ‘toddler’ in their name.
The 101 apps that breached COPPA’s terms have been downloaded by 492m users, the study found, and 50% (274) also showcase a ‘teacher-approved’ badge. Twenty-seven (5%) privacy policies that were reviewed claimed the respective apps were not intended for children, despite being featured in the store’s ‘Everyone’ category – 10 of which are ‘teacher-approved’.
Google’s ‘teacher-approved’ program calls for apps to submit to additional review following the initial submission into family/children categories. It has teachers and specialists evaluate the apps based on multiple criteria, including design quality, appeal to children, and age appropriateness (including in-app adverts, purchases, and cross-promotions).
Worryingly, 18% of apparently ‘teacher-approved’ apps are in violation of COPPA, along with 21% of those that are free and 20% of paid. Thirty-eight percent off all the apps in breach of the Act are considered ‘educational’.
Nine-percent of the apps surveyed do not collect data themselves but do work with third parties (primarily third-party adverts and analytics) that potentially do. One app, for example, suggests geographic location may be used through Google Analytics, and other third-party ad networks may collect various datasets – including geographic location and device ID. In the case of the latter, a child-specific section and parental consent are required, as is detailed information about each third party. Researchers also claim it’s likely that half of the app developers that collect personal data themselves also work with third parties that collect it, too.
Another 9% of developers place the responsibility on parents and children, asking them to refrain from submitting personal information while using the app, or urging parents to regularly monitor their child’s app usage. Apps should actually request parental consent from the outset if they are collecting personal data, rather than placing the onus on users themselves.
“With almost half a billion downloads across the 101 COPPA-violating apps we studied,” she added, “our research likely scratches the surface of the problem” – Rebecca Moody, Comparitech
Rebecca Moody, head of data research at Comparitech, commented: “Our research highlights a worrying lack of safeguards and accountability for protecting children’s privacy when using apps. Not only do one in fove apps lack the necessary privacy-protecting measures required in their privacy policies but half of these have also been through additional ‘safety’ and compliance checks to receive a teacher-approved badge. To receive this badge, teachers and other specialists review the apps for various criteria, including age appropriateness.
In other news: AWS GetIT 2021 winners announced