Mobile Apps for Kids May Violate Privacy Laws, FTC Finds
Dozens of mobile apps for kids, from alphabet and word games to flash cards and puzzles, do not disclose how they use children's personal data and may be violating privacy law, according to a new government survey.
In a review of children's apps in Apple's App store and Google's Android Market, the Federal Trade Commission — which regulates the online use of consumers’ data — found that most apps gave little, if any, explanation of data collection and sharing practices.
"Parents generally cannot determine, before downloading an app, whether the app poses risks related to the collection, use, and sharing of their children's personal information," said the FTC report, released Thursday.
Mobile applications can capture a wide range of sensitive data, such as call logs, contacts and location, often without the user's knowledge. Gaming apps, for example, can identify the user's location to help players find and connect with other players nearby, the report said.
Under the Children's Online Privacy Protection Act, known as COPPA, operators of online services are required to provide notice and obtain parental consent before collecting items of "personal information" from children. The commission has proposed expanding the law's definition to include mobile apps that allow children to play network-connected games, engage in social networking and receive targeted ads.
Last fall, the FTC settled a case against W3 Innovations, which develops children's games for the iPhone and iPod touch. The commission charged the developer with illegally collecting and disclosing personal data from thousands of children without their parents' consent.
The mobile app market has exploded from about 600 apps in 2008 to nearly 900,000 apps in Apple's App store and Google's Android Market today, according to the FTC. By searching the word "kids" in those stores, the commission's staff found more than 11,000 results and reviewed 400 apps to see how developers disclosed their data practices. The survey did not investigate whether apps collected, used or disclosed personal data from children.
But FTC Chairman Jon Leibowitz told HuffPost reporters on Thursday that some apps for children "could be in violation of COPPA." And the report said the commission will be reviewing such apps for violations.
"The kids' app ecosystem badly needs a wakeup call," Leibowitz said.
The FTC survey called on Apple and Google to be more transparent about data practices in their app stores, such as including short, simple, easy-to-find disclosures on what data each app collects, how it will be used and with whom it will be shared.
A Google spokesperson said the company is reviewing the FTC’s report, but added that the Android Market has a permission system that "informs consumers what data an app can access and requires user approval before installation." However, the FTC report said Android's "permissions" screen does not clearly explain how the data is being used.
Apple could not be reached for comment. But the company has stated that it reviews every application in its App Store to"protect consumer privacy and safeguard children from inappropriate content."
Though app developers are required to disclose the information their apps collect, "the app stores do not appear to enforce these requirements," the report said. "This lack of enforcement provides little incentive to app developers to provide such disclosures and leaves parents without the information they need."
The privacy concerns raised by the survey are the latest in an ongoing controversy over the data collection capabilities of mobile devices. Last week, a programmer in Singapore discovered that the mobile social network Path was copying iPhones users' address bookswithout notifying them. In December, Carrier IQ, an obscure software installed on millions of smartphones, was accused of logging numerous details about users' activities without their knowledge.