The report notes that -
When Apple’s iTunes App Store and Google’s Android Market first launched in 2008, smartphone users could choose from about 600 apps. Today, there are more than 500,000 apps in the Apple App store and 380,000 apps in the Android Market, which consumers can access from a variety of mobile devices, including smartphones and tablets. Consumers have downloaded these apps more than 28 billion times, and young children and teens are increasingly embracing smartphone technology for entertainment and educational purposes. As consumers increasingly rely on their mobile devices for multiple activities, the quantity and diversity of mobile apps continue to expand.It goes on to explain that -
This rapidly growing market provides enormous opportunities and benefits for app users of all ages, but raises questions about users’ privacy, especially when the users are children and teens. Mobile apps can capture a broad range of user information from the device automatically – including the user’s precise geolocation, phone number, list of contacts, call logs, unique device identifiers, and other information stored on the mobile device – and can share this data with a large number of possible recipients. These capabilities can provide beneficial services to consumers – for example, access to maps and directions, and the ability to play interactive games with other users – but they also can be used by apps to collect detailed personal information in a manner parents cannot detect.
In order to better understand and evaluate the emerging app market and the products and services it offers to children, Federal Trade Commission staff designed and conducted a survey of the apps offered for children in the two largest U.S. app stores, the Android Market and the Apple App store. Staff focused in particular on the types of apps offered to children; the age range of the intended audience; the disclosures provided to users about the apps’ data collection and sharing practices; the availability of interactive features, such as connecting with social media; and the app store ratings and parental controls offered for these systems. This report highlights the lack of information available to parents prior to downloading mobile apps for their children, and calls on industry to provide greater transparency about their data practices.The FTC notes that -
While staff encountered a diverse pool of apps for kids created by hundreds of different developers, staff found little, if any, information in the app marketplaces about the data collection and sharing practices of these apps. Staff found almost no relevant language regarding app data collection or sharing on the Apple app promotion pages, and minimal information (beyond the general “permission” statements required on the Android operating system) on just three of the Android promotion pages. In most instances, staff was unable to determine from the promotion pages whether the apps collected any data at all, let alone the type of data collected, the purpose of the collection, and who collected or obtained access to the data. ...The report offers several conclusions -
Most of the apps in the study appear to be intended for children’s use, and many may, in fact, be “directed to children” within the meaning of COPPA. This survey focused on the disclosures provided to users regarding their data practices; it did not test whether the selected apps actually collected, used, or disclosed personal information from children. Over the next six months, staff will conduct an additional review to determine whether there are COPPA violations and whether enforcement is appropriate. Staff also will evaluate whether the industry is moving forward to address the disclosure issues raised in this report.
FTC staff believes that all members of the kids app ecosystem – the app stores, developers, and third parties providing services within the apps – should play an active role in providing key information to parents who download apps. The mobile app marketplace is growing at a tremendous speed, and many consumer protections, including privacy and privacy disclosures, have not kept pace with this development. Parents need easy access to basic information so they can make informed decisions about the apps they allow their children to use.
App developers should provide this information through simple and short disclosures or icons that are easy to find and understand on the small screen of a mobile device. Parents should be able to learn what information an app collects, how the information will be used, and with whom the information will be shared. App developers also should alert parents if the app connects with any social media, or allows targeted advertising to occur through the app. Third parties that collect user information through apps also should disclose their privacy practices, whether through a link on the app promotion page, the developers’ disclosures, or another easily accessible method.
The app stores also should do more to help parents and kids. The two major app stores provide the basic architecture for communicating information about the kids apps they offer, such as pricing and category information. However, the app stores should provide a more consistent way for developers to display information regarding their app’s data collection practices and interactive features. For example, app stores could provide a designated space for developers to disclose this information. The app stores also could provide standardized icons to signal features, such as a connection with social media services. Although the app store developer agreements require developers to disclose the information their apps collect, the app stores do not appear to enforce these requirements. This lack of enforcement provides little incentive to app developers to provide such disclosures and leaves parents without the information they need. As gatekeepers of the app marketplace, the app stores should do more. This recommendation applies not just to Apple and Google, but also to other companies that provide a marketplace for kids mobile apps.
Additional work is needed to identify the best means and place for conveying data practices in plain language and in easily accessible ways on the small screens of mobile devices. Staff encourages industry members, privacy groups, academics, and others to develop and test new ways to provide information to parents – for example, by standardizing language, creating icons, or using a layered approach.
