Neither developers nor sellers of mobile applications aimed at children provide the information parents need to protect their children’s privacy, according to an FTC staff report released today.
The report (“Mobile Apps for Kids: Current Privacy Disclosures Are Disappointing”) indicated that mobile app providers did not furnish information about what data is being collected from children, how that data is being shared, and who will be given access to the data.
There are currently more than 500,000 applications in the Apple App Store and 380,000 in the Android Market. The FTC staff evaluated the types of apps offered to children, the disclosures provided to users, interactive features such as connectivity with social media, and the ratings and parental controls offered for such apps.
The FTC found that the apps can automatically capture a broad range of user information from a mobile device, including the user’s precise geolocation, telephone number, list of contacts, call logs, and unique identifiers stored on the mobile device. The report highlights “the lack of information available to parents prior to downloading mobile apps for their children and calls on industry to provide greater transparency about their data practices.”
In most instances, FTC staff was unable to determine from the information on the app store page or the developer’s landing page whether an app collected any data, let alone the type of data, the purpose of such collection, and those with access to such data.
“At the FTC, one of our highest priorities is protecting children’s privacy, and parents deserve the tools to help them do that,” said FTC Chairman Jon Leibowitz. “Companies that operate in the mobile marketplace provide great benefits, but they must step up to the plate and provide easily accessible, basic information, so that parents can make informed decisions about the apps their kids use.”
The report made several recommendations regarding the practices of app developers and app stores, including:
All developers, stores, and third parties providing services should play an active role in providing key information to parents.
All developers should provide data practice information in simple and short disclosures.
App stores should take responsibility for ensuring that parents have basic information.
The FTC, which enforces the Children's Online Privacy Protection Rule, will hold a public workshop addressing the issue this year, in connection with its efforts to update the agency's "Dot Com Disclosure" guide, which describes how to provide effective online disclosures.
The 30-page FTC staff report is available here on the FTC website.