One in five apps on Google Play designed for children appear to be breaking federal law, according to new research from Comparitech.
The consumer rights and comparison site analyzed the top 300 free and top 200 paid apps on the marketplace under the children and family categories and reviewed each listed privacy policy.
It found that one in five contravened the Children's Online Privacy Protection Act (COPPA), legislation which places a strict set of FTC-enforced requirements on websites and online services aimed specifically at the under-13s, or those that collect personal data on children.
Of the 20% of Google Play-listed apps found to be violating COPPA, half were collecting personal information from children without the required child-specific privacy policy in place, according to Comparitech.
A further 27% claimed not to be aimed at children, despite being listed under the “Everyone” age limit on Google Play. Two of these were explicitly aimed at those under 10, the report claimed.
Some 9% of the erring apps did not collect children’s data themselves but worked with third parties that might. Therefore, a child-specific policy section and parental consent are required.
The same number (9%) tried to place responsibility on children and parents, either by asking kids not to submit their personal info to the app or parents to monitor their child’s app usage. Both apparently violated COPPA.
The final 6% had crucial gaps in their policies, such as failing to explain how a parent can consent or access their child’s data or featuring a privacy policy lacking clarity in some areas.
Unfortunately, half of the apps listed in the research that violate COPPA have been awarded a Google Play “teacher approved” badge.
“Two hundred and seventy-four of the apps we reviewed had received this teacher-approved tick and 50 of these (18%) were found to be in violation of COPPA guidelines,” Comparitech explained in a blog post.
“This means the apps and their privacy policies have been through two layers of review and have still passed quality control despite being in breach of COPPA’s standards.”
Most of the info collected by the rogue apps came in the form of IP addresses (42%), followed by online contact information (16%), name (12%), address (7%), telephone number (7%) and other details.
Legally it remains unclear whether the app developers alone or Google would be liable under COPPA for any infractions.
Back in 2019, Google and YouTube agreed to pay the FTC $170 million to settle a case under COPPA that they collected personal information from viewers of child-oriented channels without asking parents first.