Children’s app developers may need to start reconsidering how they build their apps in light of more pressure from the Federal Trade Commission, which intensified its scrutiny of kids app makers and the privacy policies they employ. The FTC on Monday released its second report on privacy and disclosure practices of children’s mobile apps and found there was little progress by app ecosystem members on how transparent apps and app stores were about their policies.
The report, which examined more than 400 children’s apps in Google Play and the Apple App Store, found:
- About 80 percent of apps don’t disclose privacy policies in the app or on a website.
- 59 percent of apps transmit information from the device to the app developer or more often to a third party such as an ad network or analytics company.
- 58 percent of apps contain advertising, but only 15 percent disclose that to app users.
- 22 perent of apps reviewed have social media links with only 9 percent sharing that fact.
- And 17 percent allowed in-app purchases within their app.
The app industry has not made significant movement on providing parents with more information about what happens in these apps, said Jessica Rich, associate director of the FTC’s Division of Financial Practices. She said some apps could be in violation of current privacy laws for children. The FTC is now conducting non-public investigations of some apps though Rich declined to say which apps were being reviewed.
She said the danger to children from these apps could come from inappropriate ad targeting of children, sharing a child’s location or opening them up to messaging from outsiders.
“It’s important for kids’ privacy that there be better disclosures and accurate disclosures for parents on what’s happening to kids data,” Rich said.
The FTC is urging the industry to better incorporate privacy protection into the mobile products; offer better information to parents about what’s happening in their apps and choices for data collection and sharing; and offer more transparency about the usage and collection of data.
Rich said the FTC has authority under the Children’s Online Privacy Protection Act (COPPA) as well as the regular FTC rules against unfair and deceptive practices. While Rich is waiting on app ecosystem members to address its concerns, the biggest motivation might come from new revisions the FTC submitted for COPPA in September. Those changes would strengthen online privacy protections and specifically treat device ID information and geolocation data more strictly.
That means a developer may potentially be investigated for sharing device IDs or location data with third parties. That could also have larger implications for bigger developers who make apps for a general audience but are used by children. Device ID and location data can be key components in helping target ads to mobile users based on their behavior and whereabouts. And analytics are important for understanding how an app is being used and how it can be improved.
Apple has come up with its own system for advertisers who want to track users called Identifier for Advertisers, which replaces the old UDID system. But as my colleague Erica Ogg recently pointed out, many advertisers are not making the switch right away from UDID, which provides a chance for better tracking of individuals.
The app market is still so relatively new and many developers are struggling just to make money. We haven’t seen a lot of nightmare cases stemming from the abuse of children’s mobile app data. But the FTC campaign should remind developers that kids apps require a lot more attention to privacy.