Parents beware: Many iPhone and Android apps designed for children are playing fast and loose with privacy, according to the Federal Trade Commission.
The FTC just released a survey [PDF] on kids' apps in Apple's App Store and the Google Play Store for Android. Of the 400 apps surveyed, 60 percent sent out the device ID, mainly to third-parties such as ad networks or analytics companies.
Although the IDs alone don't provide any personal information, some ad networks may store these IDs alongside more sensitive data, such as email addresses or social networking details. In that sense, they can act as a “key” to more data, as The Wall Street Journal points out. Apple, at least, is phasing out the Unique Device Identifier, or UDID, in favor of a method that isn't tied to personal information.
But device IDs aren't the only point of concern. Here the other key findings from the FTC's survey:
- 58 percent of apps contained advertising, but only about a quarter of those apps gave any indication prior to download.
- 22 percent of apps contained links to social networking services, but only 40 percent of them gave advanced warning to the downloader.
- 3.5 percent of apps transmitted the device's geolocation and/or phone number along with the device ID.
- Only 20 percent of apps disclosed any information about their privacy policies.
Among the apps that did disclose their privacy policies, many of them simply offered links filled with legal jargon instead of clear answers, the FTC's report says.
As for in-app purchases, 17 percent of the apps surveyed contained allow purchase of virtual goods within the app. Both the Google Play Store and iOS App Store state when in-app purchases are present, but the indicators aren't always prominent and may be hard to understand, says the FTC. (Fortunately, both Google and Apple allow parents to password-protect all purchases.)
The FTC, which issued an initial survey six months ago, says it's disappointed with its latest findings.
“Industry appears to have made little or no progress in improving its disclosures since the first kids’ app survey was conducted, and the new survey confirms that undisclosed sharing is occurring on a frequent basis,” the FTC's report says.
To improve the situation, the FTC wants the app industry to develop “best practices” to protect privacy, and says it will launch launch its own consumer education efforts. The agency will also investigate “certain entities in the mobile app marketplace” to see if any of them have violated the Children's Online Privacy Protection Act, or have engaged in unfair or deceptive practices. The report doesn't call out any specific apps.
On the bright side, some efforts by Apple and Google may help. In iOS 6, Apple added the capability to limit ad tracking (under Settings > General > About > Advertising) and to restrict access to location and other personal data (under Settings > Privacy). Google has added new restrictions for app developers to crack down on privacy violations, and allows users to turn off personalized AdMob ads under Google Play settings.
Device makers could also put forth more concerted efforts to create kid-friendly environments. Amazon's subscription-based FreeTime Unlimited service is a good example: it provides pre-screened apps for kids that have no advertisements or social media links. The Kid's Corner feature in Windows Phone 8 also creates a safer environment for kids, with social media sharing disabled, but it doesn't control advertising behavior.
Those types of features at the operating system level may be more effective in the end than trying to shame app developers into behaving. With so many apps on the market, the FTC may always find room for disappointment.