Hundreds of mobile apps for children fail to provide parents with basic information on the kinds of sensitive information the apps collect and share about their children, said a new federal report Monday.
Only 20 percent of children's apps provided disclosures about their data collection practices, according to a staff report from the Federal Trade Commission. The apps that did offer disclosures often provided links to long, dense, technical privacy policies "filled with irrelevant information," according to the report. Other apps, it said, gave misleading information about their practices.
The agency's study examined the privacy policies of 400 popular children's apps -- half of them available through the Apple App Store and the other half through Google's Android Market -- and compared the apps' disclosures to their actual data collection practices.
"Most apps failed to provide any information about the data collected through the app, let alone the type of data collected, the purpose of the collection, and who would obtain access to the data," the FTC report said. "Even more troubling, the results showed that many of the apps shared certain information" -- like a device's phone number, precise location or unique identification code -- with third parties, according to the report.
More than half of the apps studied were transmitting children's data, often to marketers. The researchers also reported that most apps failed to tell parents when they involved interactive features like advertising, social network sharing or allowing children to make purchases for virtual goods within the app. For instance, while 9 percent of the children's apps disclosed to parents that they contained advertising, FTC researchers found that 58 percent actually contained ads. Moreover, of the 24 apps that stated they did not contain in-app advertising, 10 actually contained ads, the report said.
The report added that some of these practices could violate the FTC's prohibition against unfair or deceptive practices. The practices could also violate a federal law, called the Children's Online Privacy Protection Act of 1998, known as COPPA for short. That law requires website operators to obtain parental permission before collecting or sharing the names, phone numbers, addresses or other personal information about children under 13.
Regulators said they were starting "numerous nonpublic investigations" to determine whether the discrepancies between the children's apps' disclosures and their actual practices violated the law.
The report is part of the FTC's preparations to strengthen the children's online privacy rule.
Over the past few months, however, some prominent media companies, app developers and advertising industry groups have pressed FTC commissioners to water down the agency's proposed updates to the COPPA rule. The timing of the report suggests that the FTC may be trying to lay the groundwork for broader children's online privacy protections.
The agency hopes to update them to keep up with developments in mobile apps, voice recognition, facial recognition and comprehensive online data collection by marketers. The agency has proposed, for example, a longer list of data about children that would require prior parental consent to collect: photos, voice recordings and unique mobile device serial numbers that could be used to track children and compile information about their activities across apps.
In the report, regulators said their concern was that marketers and data collection companies could potentially use information from children's apps to develop detailed profiles of children without their parents' knowledge or consent. Children's advocates have argued that such detailed profiling could potentially present a safety hazard -- like the ability for strangers to contact or locate a child -- as well as a risk that children could be unfairly discriminated against or influenced by marketers.
"The transmission of kids' information to third parties that are invisible and unknown to parents raises concerns," the report said.nation