FTC Report Criticizes App Developers, Stores for Failing To Safeguard Kids’ Privacy

A South Korean boy uses an iPhone 4.

Photo by PARK JI-HWAN/AFP/Getty Images

A new report from the FTC takes a withering look at mobile app developers’ and app stores’ failure to make information about privacy and data collection easily available to parents. The report, with the funny-by-federgal-government-standards title “Mobile Apps for Kids: Current Privacy Disclosures Are Disappointing,” is available as a PDF on the FTC site.

FTC staff looked at 960 apps aimed at kids—480 from the iTunes Store and 480 from the Android Marketplace. They did not download or test the apps; they did “test whether the selected apps actually collected, used, or disclosed personal information from children.” Instead, the staffers examined what was disclosed on each app’s promotion page. Did it say explicitly that an app would connect to social media or track geographic location, for instance? If an app is ad-supported, which many parents might object to, was that revealed?

The report chides, “In most instances, staff was unable to determine from the information on the app store page or the developer’s landing page whether an app collected any data, let alone the type of data collected, the purpose for such collection, and who collected or obtained access to such data. This is troubling given the ability of mobile apps to access users’ information on devices automatically and to transmit this information invisibly to a wide variety of entities.”

The FTC recommends that developers, the iTunes Store, and the Android Marketplace create symbols that clearly state what information each app collects, whether it connects to social media, whether there is advertising, and other facts. It also suggests that the iTunes Store and Android Marketplace become more stringent in their requirements from developers.

Next, the commission will undertake a six-month review to determine whether any apps violate the provisions of the Children’s Online Privacy Protection Act.

As Dow Jones Newswire notes, in August 2011 the FTC settled for $50,000 with Broken Thumbs Apps, whose apps allegedly had gathered the email addresses of children under 13 without their parents’ permission.