US FTC: Many kids' apps fail to disclose what information they share

The agency launches an investigation into several app makers targeting children
  • Grant Gross (IDG News Service)
  • — 10 December, 2012 17:30

Many mobile apps aimed at children collect and share personal data without notifying parents, potentially violating U.S. law, the Federal Trade Commission said in a report released Monday.

The FTC has launched an investigation of several mobile app makers after surveying 400 apps from the Apple App store and Google Play, said Jessica Rich, associate director of the FTC's Division of Financial Practices. In some cases, kids' mobile apps collect the identification of the mobile device, geolocation information or the phone numbers, without telling parents, she said.

Some of those practices may violate the Children's Online Privacy Protection Act (COPPA), Rich said during a press conference.

Mobile app makers have made little progress in disclosing to parents the information they share, advertising they contain and other information since the FTC released a first report on mobile privacy for children's apps in February, Rich said.

"What we found is cause for concern," Rich said. "We think this is a systematic problem."

Nearly 60 percent of the kids' apps the FTC surveyed transmit information from a users' device back to the app developer or a third party such as an advertising network or analytics company, the FTC report said. Just 20 percent of the apps reviewed disclose any information about their privacy practices.

In addition, 58 percent of the apps reviewed contained advertising, while only 15 percent disclosed the presence of advertising before people download them, the FTC said. Twenty-two percent of the apps contained links to social networking services, while only 9 percent disclosed that fact.

Another 17 percent of the apps reviewed allow kids to make purchases for virtual goods within the app, with prices ranging from US$0.99 to $29.99, the FTC said. Both app stores provided some indicators when an app contained purchasing capabilities, but those indicators were not always prominent or could be difficult for many parents to understand, the FTC said.

Rich declined to name which apps raised the most privacy concerns, saying the problem was widespread. The FTC hopes the new report will "light a fire under" mobile privacy efforts, including ones at the California Office of Attorney General and the U.S. National Telecommunications and Information Administration, Rich said.

Privacy advocates called for strong enforcement of COPPA by the FTC.

"This report reveals widespread disregard for children's privacy rules," Kathryn Montgomery, a communications professor at American University in Washington, D.C., said by email. "In the rapidly growing children's mobile market, companies are seizing on new ways to target children, unleashing a growing arsenal of interactive techniques, including geo-location and use of personal contact data."

The Center for Digital Democracy, a digital rights and online privacy group, plans to file two kids' privacy complaints this week, said Jeffrey Chester, the group's executive director.

CTIA, a trade group representing mobile carriers, said in a statement that its members are committed to "honoring and respecting consumers' privacy and offering them a variety of safeguards."

It's important for parents and children to talk to each other about how the family uses mobile devices and "make themselves aware of the privacy policies made available by wireless service providers, social networks and apps," CTIA added.

Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant's e-mail address is grant_gross@idg.com.

Tags: U.S. Federal Trade Commission, regulation, Kathryn Montgomery, Center for Digital Democracy, Jessica Rich, mobile, privacy, mobile applications, California Office of Attorney General, U.S. National Telecommunications and Information Administration, Apple, Google, Jeffrey Chester, security, American University, ctia, government

The risks of sticking with Windows XP

READ THIS ARTICLE
DO NOT SHOW THIS BOX AGAIN [ x ]
Comments are now closed.
CSO Corporate Partners
  • Webroot
  • Trend Micro
  • NetIQ
rhs_login_lockGet exclusive access to CSO, invitation only events, reports & analysis.
CSO Directory

ZENworks® Endpoint Security Management

Secure, identity-based protection for your endpoints

Latest Jobs
Security Awareness Tip

Incident handling is a vast topic, but here are a few tips for you to consider in your incident response. I hope you never have to use them, but the odds are at some point you will and I hope being ready saves you pain (or your job!).


  1. Have an incident response plan.

  2. Pre-define your incident response team 

  3. Define your approach: watch and learn or contain and recover.

  4. Pre-distribute call cards.

  5. Forensic and incident response data capture.

  6. Get your users on-side.

  7. Know how to report crimes and engage law enforcement. 

  8. Practice makes perfect.

For the full breakdown on this article

Security ABC Guides

Warning: Tips for secure mobile holiday shopping

I’m dating myself, but I remember when holiday shopping involved pouring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.