Last update: September 2021

3 mins to read - 2021/09/20

1 in 5 Kids Apps on Google Play Violates COPPA – Don’t Let Yours Be One!

According to a study done by Comparitech, a shocking 1 in 5 kids’ apps on Google Play violate COPPA. This comes at a time when Google is already under fire for various privacy snafus, ranging from its $170 million penalty for COPPA violations in 2019, to YouTube’s more recent offloading its COPPA liabilities onto individual content creators. This also comes at a time when Google is falling behind Apple in terms of privacy and transparency, with Apple introducing App Tracking Transparency in its iOS 14. What exactly did Google Play do wrong, and how can they make amends?

Download OpenBack’s whitepaper outlining our unique approach to data privacy and regulation compliance:

google play eyes coppa data privacy

How Is Google Play Violating COPPA?

Comparitech’s study consisted of researching the 500 most popular kids’ apps available to download from Google Play. They reviewed each app’s privacy policy to see whether its stipulations were compliant. This means they were checking to see what personal identifying information (PII), if any, was being collected from users younger than 13, whether it was necessary for the app’s UX, and whether parental consent was sought before the collection of such data. The Comparitech team also surveyed app privacy policies to check that they had a process for deleting user data upon request.

Of the 20% of apps of the Google Play set that violated COPPA, they found that most of them failed to include in their privacy policies any section that outlines how children’s data is processed differently from adult users’ data. They even found that over 5% of the kids’ apps in the study said that they were not targeted towards children, even some apps that had the words “kids” or “toddler” in their names. Shockingly, 50% of the apps violating COPPA had received a “teacher approved” seal.

Moreover, 9% of these apps, while not processing data themselves, use 3rd parties that possibly do, such as advertisers or Google Analytics. Another 9% attempted to put the responsibility for protecting their data on the parents of users, or even the children themselves, warning users in their privacy policy not to submit personal information.

How Can You Tell if an App Is Meant for Kids?

Of the Google Play kids’ apps that violated COPPA, 27% of them claimed not to be aimed at children, even though their apps were categorized as “for everyone” on the platform. However, section 312.2 of COPPA outlines that:

“subject matter, visual content, use of animated characters or child-oriented activities and incentives, music or other audio content, age of models, presence of child celebrities or celebrities who appeal to children, language or other characteristics of the Web site or online service, as well as whether advertising promoting or appearing on the Web site or online service is directed to children.”

We have seen other apps and publishers, such as Hyperbeard, fall afoul of COPPA before, due to their use of bright colors, cartoon characters, and crossovers with kids’ shows standing as sure signals that the app is aimed at kids.

google play data privacy kids apps COPPA violations
Image Source:

What PII Are Kids’ Apps Collecting?

According to their privacy policies, 42% of the apps in question are collecting IP addresses from their users. 23% collect other online contact information that allows the user to be identified online, such as a screen name. Still others collect information that could be used to locate the user in the physical world, such as a phone number, address, geolocation data, even social security numbers.

On top of COPPA, Google has its own framework around data privacy for children that mobile apps must abide by. Their policy “Designing Apps for Children and Families” provides a detailed look at how to build a child-safe app. Among other things, Google states that apps must be grouped by what age they’re intended for, and that age groups below 13 are considered to be targeting kids. Children’s apps must then

“disclose the collection of any personal and sensitive information from children in your app, including through APIs and SDKs called or used in your app.” Google also provides guidelines on how to ethicially incorporate in-app ads and other forms of monetization into your app.

Parental Consent and When You Need to Request It

If you want to collect any sort of data from users younger than 13, your app will have to gain parental consent beforehand in order to comply with COPPA. As Comparitech points out, the issue here is that these offending apps don’t have any child-specific privacy policy, to govern how they will be processing kids’ data:

“As the privacy policy indicates that certain PI is collected, a separate section on how the developers ensure children’s safety should be included. If the app didn’t collect any data whatsoever, this wouldn’t be necessary.”

Most of the offending apps from the study likely didn’t request permission from parents because a) it’s a hassle they didn’t want to deal with, and b) if you ask permission, you run the risk of the parents saying no.

However, OpenBack provides a third way to leverage the user data necessary to provide a great app experience, without the need for parental consent beforehand. Our unique hybrid mobile engagement platform uses edge computing and machine learning to leverage data directly on the device. Using our default mode, data never has to leave the device, and it’s never at risk for being accessed by 3rd parties. Data stays 100% on the user’s device and in their possession.

Because of this OpenBack is fully COPPA compliant, as well as compliant with HIPAA, GDPR, CCPA, and all other regional data privacy regulations. To learn more about the strengths of the edge computing method, and the ways it improves push notification UX, read our blog post: Deliverability: The Key to Unlocking Rocketship App Retention Growth.

Or, you can get in touch with one of our experts. We’d love to chat more, and help you set up a free demo!

Leave a Reply

Your email address will not be published.

nineteen − 15 =

Download our Mobile Marketing Playbook to perfect your user engagement game!


Translate »