FTC Report Raises Privacy Questions About Mobile Applications for Children
A survey released by FTC shows that neither the app stores nor
the app developers provide the information parents need to
determine what data is being collected from their children,
how it is being shared, or who will have access to it.
"At the FTC, one of our highest priorities is protecting
children's privacy, and parents deserve the tools to help them
do that," said FTC Chairman Jon Leibowitz. "Companies that
operate in the mobile marketplace provide great benefits, but
they must step up to the plate and provide easily accessible,
basic information, so that parents can make informed decisions
about the apps their kids use. Right now, it is almost
impossible to figure out which apps collect data and what they
do with it. The kids app ecosystem needs to wake up, and we
want to work collaboratively with industry to help ensure
parents have the information they need."
According to the FTC report, Mobile Apps for Kids: Current Privacy Disclosures Are Disappointing, in 2008, smartphone users could choose from about 600 available apps. Today there are more than 500,000 apps in the Apple App Store and 380,000 in the Android Market. "Consumers have downloaded these apps more than 28 billion times, and young children and teens are increasingly embracing smartphone technology for entertainment and educational purposes."
The report says the survey focused on the largest stores, the Apple App Store and the Android Market, and evaluated the types of apps offered to children, the disclosures provided to users, interactive features such as connectivity with social media, and the ratings and parental controls offered for such apps.
The report notes that mobile apps can capture a broad range of user information from a mobile device automatically, including the user's precise geolocation, phone number, list of contacts, call logs, unique identifiers, and other information stored on the device. At the same time, "the report highlights the lack of information available to parents prior to downloading mobile apps for their children, and calls on industry to provide greater transparency about their data practices."
While there was a diverse pool of kids apps created by hundreds of different developers, there was almost no information about the data collection and sharing on the Apple App store promotion pages and little information beyond general permission statements on the Android Market promotion pages. "In most instances, staff was unable to determine from the information on the app store page or the developer's landing page whether an app collected any data, let alone the type of data collected, the purpose for such collection, and who . . . obtained access to such data."
The report recommends:
- All members of the "kids app ecosystem" - the stores, developers and third parties providing services - should play an active role in providing key information to parents.
- App developers should provide data practices information in simple and short disclosures. They also should disclose whether the app connects with social media, and whether it contains ads. Third parties that collect data also should disclose their privacy practices.
- App stores also should take responsibility for ensuring that parents have basic information. "As gatekeepers of the app marketplace, the app stores should do more." The report notes that the stores provide architecture for sharing pricing and category data, and should be able to provide a way for developers to provide information about their data collection and sharing practices.
The report notes that more should be done to identify the best way to convey data practices in plain language and in easily accessible ways on the small screens of mobile devices. The agency will host a public workshop in 2012, in connection with its efforts to update the FTC's "Dot Com Disclosure" guide, about how to provide effective online disclosures. "One of the topics that will be addressed is mobile privacy disclosures, including how they can be short, effective, and accessible to consumers on small screens."
The FTC enforces the Children's Online Privacy Protection Rule. The Rule requires operators of online services, including interactive mobile apps, to provide notice and get parental consent prior to collecting information from children under 13. The report says in the next 6 months, FTC staff will conduct an additional review to determine whether some mobile apps were violating COPPA.
According to the FTC report, Mobile Apps for Kids: Current Privacy Disclosures Are Disappointing, in 2008, smartphone users could choose from about 600 available apps. Today there are more than 500,000 apps in the Apple App Store and 380,000 in the Android Market. "Consumers have downloaded these apps more than 28 billion times, and young children and teens are increasingly embracing smartphone technology for entertainment and educational purposes."
The report says the survey focused on the largest stores, the Apple App Store and the Android Market, and evaluated the types of apps offered to children, the disclosures provided to users, interactive features such as connectivity with social media, and the ratings and parental controls offered for such apps.
The report notes that mobile apps can capture a broad range of user information from a mobile device automatically, including the user's precise geolocation, phone number, list of contacts, call logs, unique identifiers, and other information stored on the device. At the same time, "the report highlights the lack of information available to parents prior to downloading mobile apps for their children, and calls on industry to provide greater transparency about their data practices."
While there was a diverse pool of kids apps created by hundreds of different developers, there was almost no information about the data collection and sharing on the Apple App store promotion pages and little information beyond general permission statements on the Android Market promotion pages. "In most instances, staff was unable to determine from the information on the app store page or the developer's landing page whether an app collected any data, let alone the type of data collected, the purpose for such collection, and who . . . obtained access to such data."
The report recommends:
- All members of the "kids app ecosystem" - the stores, developers and third parties providing services - should play an active role in providing key information to parents.
- App developers should provide data practices information in simple and short disclosures. They also should disclose whether the app connects with social media, and whether it contains ads. Third parties that collect data also should disclose their privacy practices.
- App stores also should take responsibility for ensuring that parents have basic information. "As gatekeepers of the app marketplace, the app stores should do more." The report notes that the stores provide architecture for sharing pricing and category data, and should be able to provide a way for developers to provide information about their data collection and sharing practices.
The report notes that more should be done to identify the best way to convey data practices in plain language and in easily accessible ways on the small screens of mobile devices. The agency will host a public workshop in 2012, in connection with its efforts to update the FTC's "Dot Com Disclosure" guide, about how to provide effective online disclosures. "One of the topics that will be addressed is mobile privacy disclosures, including how they can be short, effective, and accessible to consumers on small screens."
The FTC enforces the Children's Online Privacy Protection Rule. The Rule requires operators of online services, including interactive mobile apps, to provide notice and get parental consent prior to collecting information from children under 13. The report says in the next 6 months, FTC staff will conduct an additional review to determine whether some mobile apps were violating COPPA.