The U.S. Federal Trade Commission, which in a new survey found that the vast majority of mobile apps for kids don’t clearly disclose data sharing practices, said its next step will be the potential enforcement of privacy regulations.
The report and a recent FTC suit against an app maker “are a warning call to industry that it must do more to provide parents with easily accessible, basic information about the mobile apps that their children use,” the FTC wrote in its report on the findings of its survey, released Thursday.
In the next six months, the FTC will do additional work to decide if there are violations of existing law and if enforcement is appropriate, it said. It is also working on amendments to the Children’s Online Privacy Protection Act to include more guidelines about mobile services. The FTC is authorized to enforce COPPA.
The FTC examined nearly 500 of the top apps targeted at children in the Apple App Store and the same amount in the Android Market. In “most instances,” it was unable to discover if the apps collected any data at all by reading the promotion pages of the apps, the FTC said.
Once a user decides to download an app, Android requires the app developer to get permission from the user to collect data. But the FTC criticized the apps for not clearly explaining why an app requires the permissions it does, what the apps do with the data they collect or whether the apps share data with third parties.
The FTC simply couldn’t discover which iPhone apps for kids may access data, except for location information, because Apple doesn’t require its apps to disclose that they collect data. Apple says that it reviews apps in advance and won’t allow any app that “targets minors for data collection,” the FTC said.
Apple’s app approval process has come under fire recently for letting through apps that violate its policies. For instance, iOS apps aren’t supposed to collect a user’s contact data without their permission, yet a number of popular apps, like social network Path, were recently discovered to be doing just that. Apple now says that in a future software release it will require explicit user approval for apps that collect contact data.
The FTC made recommendations about how apps should better inform users about the data they’ll collect. It said that app stores, developers and third parties providing services in the apps all have a role to play in providing clear information to adults who download apps for their kids.
Developers should provide simple disclosures that explain what information an app collects, how it will be used and with whom it will be shared, the FTC said. Developers should also disclose if the app connects with social media or includes targeted ads. Third parties that collect user information through the app should also disclose their privacy practices, on the app promotion page or another easily accessible method, the FTC said.
App stores should also do better, it said. They should offer a consistent way for developers to display information about the app’s data collection policies. In addition, app stores should do more to enforce their data sharing requirements. “This lack of enforcement provides little incentive to app developers to provide such disclosures and leaves parents without the information they need,” the FTC said.
The Association for Competitive Technology, which represents small and midsize app developers and IT companies, said that many app developers are unaware of privacy regulations, but it said it supports the FTC’s actions. “We also believe that while the overwhelming majority of children’s app makers are well-intentioned, if there are those who operate with malice outside the law, we fully endorse regulatory action by the FTC,” it said in a statement.
The Center for Digital Democracy urged app store providers to do better. “Both Google and Apple, the two leading mobile app companies, must do a much better job protecting children’s privacy,” it said in a statement. The group has been pushing the FTC to cover mobile privacy in COPPA.
Neither Apple nor Google replied to requests for comment about the report and its recommendations.
Nancy Gohring covers mobile phones and cloud computing for The IDG News Service. Follow Nancy on Twitter at @idgnancy. Nancy’s e-mail address is Nancy_Gohring@idg.com