1 in 5 Kids Apps on Google Play Violates COPPA – Don’t Let Yours Be One!
According to a study done by Comparitech, a shocking 1 in 5 kids’ apps on Google Play violate COPPA. This comes at a time when Google is already under fire for various privacy snafus, ranging from its $170 million penalty for COPPA violations in 2019 to YouTube’s more recent offloading of its COPPA liabilities onto individual content creators. It also comes at a time when Google is falling behind Apple in terms of privacy and transparency, with Apple introducing App Tracking Transparency in its iOS 14. What exactly did Google Play do wrong, and how can it make amends?
How Is Google Play Violating COPPA?
Of the 20% of apps in the Google Play set that violated COPPA, the study found that most failed to include in their privacy policies any section outlining how children’s data is processed differently from adult users’ data. It also found that over 5% of the kids’ apps in the study said that they were not targeted towards children, including some apps that had the words “kids” or “toddler” in their names. Shockingly, 50% of the apps violating COPPA had received a “teacher approved” seal.
How Can You Tell if an App Is Meant for Kids?
Of the Google Play kids’ apps that violated COPPA, 27% claimed not to be aimed at children, even though their apps were categorized as “for everyone” on the platform. However, section 312.2 of COPPA lists the factors considered in determining whether a website or online service is directed to children:
“subject matter, visual content, use of animated characters or child-oriented activities and incentives, music or other audio content, age of models, presence of child celebrities or celebrities who appeal to children, language or other characteristics of the Web site or online service, as well as whether advertising promoting or appearing on the Web site or online service is directed to children.”
We have seen other apps and publishers, such as Hyperbeard, fall afoul of COPPA before, with their use of bright colors, cartoon characters, and crossovers with kids’ shows standing as sure signals that the app is aimed at kids.
What PII Are Kids’ Apps Collecting?
According to their privacy policies, 42% of the apps in question are collecting IP addresses from their users. 23% collect other online contact information that allows the user to be identified online, such as a screen name. Still others collect information that could be used to locate the user in the physical world, such as a phone number, address, geolocation data, and even social security numbers.
On top of COPPA, Google has its own framework around data privacy for children that mobile apps must abide by. Its policy “Designing Apps for Children and Families” provides a detailed look at how to build a child-safe app. Among other things, Google states that apps must be grouped by the age they’re intended for, and that age groups below 13 are considered to be targeting kids. Children’s apps must then “disclose the collection of any personal and sensitive information from children in your app, including through APIs and SDKs called or used in your app.” Google also provides guidelines on how to ethically incorporate in-app ads and other forms of monetization into your app.
Parental Consent and When You Need to Request It
Most of the offending apps from the study likely didn’t request permission from parents because a) it’s a hassle they didn’t want to deal with, and b) if you ask permission, you run the risk of the parents saying no.
However, OpenBack provides a third way to leverage the user data necessary to provide a great app experience, without the need for parental consent beforehand. Our unique hybrid mobile engagement platform uses edge computing and machine learning to leverage data directly on the device. In our default mode, data never has to leave the device, and it’s never at risk of being accessed by third parties. Data stays 100% on the user’s device and in their possession.
Because of this, OpenBack is fully COPPA compliant, as well as compliant with HIPAA, GDPR, CCPA, and all other regional data privacy regulations. To learn more about the strengths of the edge computing method, and the ways it improves push notification UX, read our blog post: Deliverability: The Key to Unlocking Rocketship App Retention Growth.
Or, you can get in touch with one of our experts. We’d love to chat more, and help you set up a free demo!