Courtesy of The New York Times
Several hundred of the most popular educational and gaming mobile apps for children fail to give parents basic explanations about what kinds of personal information the apps collect from children, who can see that data and what they use it for, a new federal report says.
The apps often transmit the phone number, precise location or unique serial code of a mobile device to app developers, advertising networks or other companies, according to the report by the Federal Trade Commission, released Monday. Regulators said such information could be used to find or contact children or track their activities across different apps without their parents’ knowledge or consent.
The agency reviewed 400 of the most popular children’s apps available on Google and Apple platforms, and reported that only 20 percent disclosed their data collection practices.
“The survey results described in this report paint a disappointing picture of the privacy protections provided by apps for children,” the report said.
Regulators said they were investigating whether the practices of certain apps violated a federal law requiring Web site operators to get parents’ permission before collecting or sharing names, phone numbers, addresses or other personal information obtained from children under 13.
The report comes as the agency is preparing to strengthen those protections by requiring site operators to obtain parental consent before collecting many other kinds of personal information from children.
But over the last few months, the agency’s efforts have met with pushback from Apple, Facebook, Google and Viacom as well as from technology associations and marketing industry groups, who say the agency’s proposed solution is so broad that it could inhibit companies from offering sites, apps and other services for children.
In its report, the agency did not disclose the names of apps it found problems with.
“We think this is a systematic problem,” said Jessica Rich, the associate director of the F.T.C.’s division of financial practices, adding that parents should not think “if they avoid certain apps, they are home free.”
Representatives of the app industry said they had already been working with app developers to make disclosures about data collection clearer and simpler for consumers. But “the F.T.C. report is a reminder that there is more work to do,” said Jon Potter, the president of the Application Developers Alliance, an industry group.
The agency’s researchers also reported that most apps failed to tell parents when they involved interactive features like advertising, social network sharing or allowing children to make purchases for virtual goods within the app.
For instance, researchers found that 58 percent of the children’s apps contained ads, even though just 15 percent disclosed this before download. Moreover, of the 24 apps that stated they did not contain in-app advertising, 10 did contain ads, the report said.
Children’s advocates said the report’s findings reinforced the need to strengthen online privacy protections for children. The agency has not substantially revised its regulations based on the federal Children’s Online Privacy Protection Act, or Coppa, since the law’s introduction more than a decade ago.
“This makes the case as to why we need major revisions,” said James Steyer, the chief executive of Common Sense Media, a nonprofit advocacy and education group in San Francisco that focuses on children and technology. “It shows that parents don’t have enough information to make good choices.”
The timing of the report suggests that the agency is trying to lay the groundwork for its push for broader children’s online privacy protections. In interviews, agency officials have said the protections needed to be modernized to keep pace with developments in mobile apps, voice recognition, facial recognition and comprehensive online data collection by marketers.
For example, regulators have proposed a longer list of data about children that would require parental consent for Web site operators to collect, including photos, voice recordings and unique mobile device serial numbers. Agency officials have also emphasized that they considered the precise location of a mobile device to be personal information whose collection required parental permission.
If the agency includes these changes in the final version of its updated regulations, apps would need to get parental consent for a number of data collection practices that are in widespread use.
For example, agency researchers reported that almost 60 percent of the children’s apps in the study transmitted a device’s ID number, most commonly to an advertising network or another third party. But only 20 percent of the apps disclosed information about these kinds of practices. Regulators said their concern was that marketers or other entities could use these unique device numbers to follow individual children across multiple apps over time, compiling detailed dossiers on their activities.
“The transmission of kids’ information to third parties that are invisible and unknown to parents raises concerns,” the report said.
Although state and federal regulators, along with industry groups, have been working to improve disclosures for consumers about how mobile apps collect and use their data, progress has been incremental.
Kamala D. Harris, the attorney general of California, signed an agreement this year with seven leading app platforms to make sure apps available through their stores displayed privacy policies. She also recently sent letters to 100 companies whose apps, she said, did not comply with a California law requiring them to post privacy policies.
Last week, Ms. Harris’s office sued Delta Air Lines for not warning users of its Fly Delta app that it collected personal information like a user’s full name, phone number, e-mail address, photographs and location.
App industry associations have also been working to improve transparency for consumers and parents. For instance, the Application Developers Alliance, in a joint project with the American Civil Liberties Union and other advocacy groups, has created prototype disclosure notices that apps could voluntarily display before consumers download them.
“I think the app industry continues to work with our members, companies and consumer groups to identify and eventually implement more effective ways of communicating with consumers,” said Mr. Potter, the president of the app developers’ group.
Ms. Rich of the Federal Trade Commission said she hoped the agency’s report would “light a fire” under such efforts. She added that the agency intended to conduct studies regularly on the children’s app market and publicly report its findings.