US FTC: Many kids' apps fail to disclose what information they share

The agency launches an investigation into several app makers targeting children

Many mobile apps aimed at children collect and share personal data without notifying parents, potentially violating U.S. law, the Federal Trade Commission said in a report released Monday.

The FTC has launched an investigation of several mobile app makers after surveying 400 apps from the Apple App store and Google Play, said Jessica Rich, associate director of the FTC's Division of Financial Practices. In some cases, kids' mobile apps collect the identification of the mobile device, geolocation information or the phone numbers, without telling parents, she said.

Some of those practices may violate the Children's Online Privacy Protection Act (COPPA), Rich said during a press conference.

Mobile app makers have made little progress in disclosing to parents the information they share, advertising they contain and other information since the FTC released a first report on mobile privacy for children's apps in February, Rich said.

"What we found is cause for concern," Rich said. "We think this is a systematic problem."

Nearly 60 percent of the kids' apps the FTC surveyed transmit information from a users' device back to the app developer or a third party such as an advertising network or analytics company, the FTC report said. Just 20 percent of the apps reviewed disclose any information about their privacy practices.

In addition, 58 percent of the apps reviewed contained advertising, while only 15 percent disclosed the presence of advertising before people download them, the FTC said. Twenty-two percent of the apps contained links to social networking services, while only 9 percent disclosed that fact.

Another 17 percent of the apps reviewed allow kids to make purchases for virtual goods within the app, with prices ranging from US$0.99 to $29.99, the FTC said. Both app stores provided some indicators when an app contained purchasing capabilities, but those indicators were not always prominent or could be difficult for many parents to understand, the FTC said.

Rich declined to name which apps raised the most privacy concerns, saying the problem was widespread. The FTC hopes the new report will "light a fire under" mobile privacy efforts, including ones at the California Office of Attorney General and the U.S. National Telecommunications and Information Administration, Rich said.

Privacy advocates called for strong enforcement of COPPA by the FTC.

"This report reveals widespread disregard for children's privacy rules," Kathryn Montgomery, a communications professor at American University in Washington, D.C., said by email. "In the rapidly growing children's mobile market, companies are seizing on new ways to target children, unleashing a growing arsenal of interactive techniques, including geo-location and use of personal contact data."

The Center for Digital Democracy, a digital rights and online privacy group, plans to file two kids' privacy complaints this week, said Jeffrey Chester, the group's executive director.

CTIA, a trade group representing mobile carriers, said in a statement that its members are committed to "honoring and respecting consumers' privacy and offering them a variety of safeguards."

It's important for parents and children to talk to each other about how the family uses mobile devices and "make themselves aware of the privacy policies made available by wireless service providers, social networks and apps," CTIA added.

Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant's e-mail address is

Join the CSO newsletter!

Error: Please check your email address.

Tags U.S. Federal Trade CommissionregulationKathryn MontgomeryJessica RichCenter for Digital DemocracymobileprivacyCalifornia Office of Attorney Generalmobile applicationsAppleU.S. National Telecommunications and Information AdministrationJeffrey ChesterGoogleAmerican Universitysecurityctiagovernment

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Grant Gross

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts